
Re: XAUTH is broken



At 12:02 23.7.1999 -0700, Dan wrote:
>  I don't have any objection to a new exchange but I have a request. 
>Please don't just grab the next number in the _reserved_ _to_ _IANA_ 
>space. Config-mode did this and I think it's a bad precedent. We've 
>already seen magic number conflicts (DH-less IKE and the Certicom
>EC draft) from this sort of thing.
>
>  Pick a private use number and define some blob for a vendor ID which
>says, "I do XAUTH++". When you receive a properly formatted "I do XAUTH++"
>vendor ID payload you can know that each side has mutually agreed to
>use the private use number and you can proceed to XAUTH++. Then you can 
>test this thing properly at the bakeoff and if, and when, it advances it 
>can be assigned a number in the proper manner.
>
>  Just grabbing numbers will result in chaos when IANA does assign the
>next number in its space and people say, "whoa, you can't do that! The
>Frobnitz draft is already using that number."
>
>  thank you,
>
>  Dan.
>

I have the feeling that vendors on the mailing list want to ship 
really soon. If we choose private numbers now they will end up
in shipping products. Not that I would mind.

I guess there will be a new version of the xauth draft; I therefore
suggest VID=md5("draft-ietf-ipsec-isakmp-xauth-05"). And please don't
take the _first_ of the private numbers.

BTW: What happened to DH group "5"? Has anybody asked IANA for a number?

Jörn Sierwald
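
The vendor-ID gating discussed in this thread, as an added example that is not part of the original mail or of any draft: it derives the suggested VID, wraps it in an ISAKMP Vendor ID payload (type 13, generic payload header per RFC 2408), and enables a private-use exchange number only when both peers announced the VID. The exchange number 250 and all function names are hypothetical; the peer message is constructed.

```python
import hashlib
import struct

VENDOR_ID_PAYLOAD = 13   # ISAKMP Vendor ID payload type (RFC 2408)
# VID as suggested in the mail: MD5 over the draft name.
XAUTH_VID = hashlib.md5(b"draft-ietf-ipsec-isakmp-xauth-05").digest()
PRIVATE_EXCHANGE = 250   # hypothetical pick from the private-use range (240-255), not the first

def build_vid_payload(vid, next_payload=0):
    """Generic ISAKMP payload header (next payload, reserved, length) plus VID data."""
    return struct.pack("!BBH", next_payload, 0, 4 + len(vid)) + vid

def vendor_ids(chain, first_type):
    """Walk a chain of ISAKMP payloads and return the Vendor ID bodies.
    Raises ValueError on truncated headers or inconsistent lengths."""
    found, ptype, off = [], first_type, 0
    while ptype != 0:
        if off + 4 > len(chain):
            raise ValueError("truncated payload header")
        nxt, _reserved, length = struct.unpack_from("!BBH", chain, off)
        if length < 4 or off + length > len(chain):
            raise ValueError("bad payload length")
        if ptype == VENDOR_ID_PAYLOAD:
            found.append(chain[off + 4:off + length])
        ptype, off = nxt, off + length
    return found

def negotiated_exchange(we_sent_vid, peer_chain, first_type):
    """Return the private exchange number only if both sides announced the VID."""
    peer_has = XAUTH_VID in vendor_ids(peer_chain, first_type)
    return PRIVATE_EXCHANGE if (we_sent_vid and peer_has) else None

# Constructed peer message: an unrelated vendor ID followed by the XAUTH one.
OTHER_VID = hashlib.md5(b"constructed-other-vendor").digest()
PEER_CHAIN = (build_vid_payload(OTHER_VID, VENDOR_ID_PAYLOAD)
              + build_vid_payload(XAUTH_VID))

if __name__ == "__main__":
    print("VID:", XAUTH_VID.hex())
    print("exchange:", negotiated_exchange(True, PEER_CHAIN, VENDOR_ID_PAYLOAD))
```

A peer that never sent the VID yields `None`, so the private number is never used against an implementation that might assign it a different meaning.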



