
Re: XAUTH is broken



Dan's exactly right here. As a veteran of the IANA registration battles in 
the mail arena, I can assure you that the Right Thing To Do is to use a 
single private identifier in the draft. When (well, if) the draft becomes 
an RFC, remind IANA to give you a number.

This works both for people who implement too early (as in, during the draft 
stage) and people who wait for the RFC. The early people use the private 
value and then add in the standard number after the RFC is issued. As soon 
as the number is issued, they start to emit the number, not the private ID, 
but they continue to accept the private ID, probably forever.

The end result of this is that there are two identifiers for a few years, 
but the private one falls from grace after a while. The only other logical 
alternative is to *always* use private identifiers, which is worse (in my 
mind) unless those are what get registered with IANA. The latter method is 
how algorithms are identified in things like PKIX and S/MIME, and it leads 
to massive lack of interoperability as people use their own OIDs or have 
multiple, similar meanings for the same OID.

--Paul Hoffman, Director
--VPN Consortium

