[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKE Minor version

To: ipsec@lists.tislabs.com
Subject: Re: IKE Minor version
From: Joern Sierwald <joern.sierwald@datafellows.com>
Date: Tue, 29 Jun 1999 11:01:42 +0300
In-Reply-To: <377801C8.4CB41EF4@cyphers.net>
References: <377800A6.9E7E0195@cyphers.net>
Sender: owner-ipsec@lists.tislabs.com

At 16:14 28.6.1999 -0700, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Oops.  Just noticed that the versioning in RFC 2408 is strangely
>backwards.  And to think I thought it was a bug in my code that I
>rejected larger minor versions!  Since 1.0 is the "current" version,
>and 1.1 is the "old" version, how do we change the version number to
>indicate minor updates such as those in the new IKE draft while
>retaining compatibility??
>

The old version is 0.1.

Still, it is correct to reject a 1.1 version number. If we
start sending "version 1.1" all old implementations will reject 
the connection. If they send INVALID-MINOR-VERSION, we can retry
with 1.0. This is ugly.

Common Vendor ID payloads? 
How about sending "RFC4000" if you support a new RFC 
or "draft-ietf-ipsec-isakmp-xauth-03" if you support a new draft.

Jörn

References:

IKE Minor version

From: Will Price <wprice@cyphers.net>

Re: IKE Minor version

From: Will Price <wprice@cyphers.net>

Prev by Date: RE: Getting the features chart going
Next by Date: RE: Getting the features chart going
Prev by thread: Re: IKE Minor version
Next by thread: IKE Minor version
Index(es):
- Main
- Thread