
Re: issues from the bakeoff



  A good sample of people's thoughts on this subject can be found in the 
archives of this list (November '98) the last time it was an "issue".

  Dan.

On Tue, 06 Jul 1999 16:56:37 CDT you wrote
> On Tue, 15 Jun 1999, Dan Harkins wrote:
> 
> 
> >   *) Misc
> > 
> > 	- Does the order of ANDed offers make any difference in IPSec 
> >	  encapsulation? No it doesn't.
> 
> I have a few questions regarding this statement.  Does this mean that an
> IKE or IPSEC implementation needs to figure out the most logical ordering
> to be applied when multiple AND proposals are received (e.g. AH & ESP & 
> IPCOMP)?  I'd prefer not to have to hard code this logic into my IKE
> implementation.  What is the reasoning behind this decision?  It seems to
> limit the types of SA bundles that IKE can negotiate and could lead to
> interop problems (based on vendors' assumptions on what the most logical
> ordering of AND'd SA combinations means for them).  In addition, it makes
> the policy decisions harder (since AH & ESP & IPCOMP means the same as
> IPCOMP & ESP & AH) ... 
> 
> OK, the last statement is more of a whine than anything else, but I'd
> really be interested in other people's thoughts on this issue.
> 
> Thanks!
> 
> Tylor
> 
> ---
> Tylor Allison         tylor_allison@securecomputing.com        (651) 628-1554
> Secure Computing Corporation
> 

