Re: XAUTH is broken
At 12:02 23.7.1999 -0700, Dan wrote:
> I don't have any objection to a new exchange but I have a request.
>Please don't just grab the next number in the _reserved_ _to_ _IANA_
>space. Config-mode did this and I think it's a bad precedent. We've
>already seen magic number conflicts (DH-less IKE and the Certicom
>EC draft) from this sort of thing.
>
> Pick a private use number and define some blob for a vendor ID which
>says, "I do XAUTH++". When you receive a properly formatted "I do XAUTH++"
>vendor ID payload you can know that each side has mutually agreed to
>use the private use number and you can proceed to XAUTH++. Then you can
>test this thing properly at the bakeoff and if, and when, it advances it
>can be assigned a number in the proper manner.
>
> Just grabbing numbers will result in chaos when IANA does assign the
>next number in its space and people say, "whoa, you can't do that! The
>Frobnitz draft is already using that number."
>
> thank you,
>
> Dan.
>
I have the feeling that vendors in the mailing list want to ship
really soon. If we choose private numbers now they will end up
in shipping products. Not that I would mind.
I guess there will be a new version of the xauth draft; I therefore
suggest VID=md5("draft-ietf-ipsec-isakmp-xauth-05"). And please don't
take the _first_ of the private numbers.
BTW: What happened to DH group "5"? Has anybody asked IANA for a number?
Jörn Sierwald