[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Racing QM Initiator's

To: Radha Gowda <rxg@openroute.com>
Subject: Re: Racing QM Initiator's
From: Dan Harkins <dharkins@network-alchemy.com>
Date: Wed, 13 Oct 1999 17:38:07 -0700
cc: Jan Vilhuber <vilhuber@cisco.com>, Ben McCann <bmccann@indusriver.com>, "ipsec@lists.tislabs.com" <ipsec@lists.tislabs.com>
In-reply-to: Your message of "Wed, 13 Oct 1999 19:35:16 EDT." <38051734.FB79ADF5@openroute.com>
Sender: owner-ipsec@lists.tislabs.com

  If you want something in the RFC then you should hold your discussions
on the list.

  I'm not really sure what "it" is that is not spelt out in the RFC but
I have the feeling that if it was people would say, "that's a policy
decision".

  There are lots of things that are left unsaid under the assumption that
the obvious choice would be the one taken. An example that was brought up
in the past is, "it is not spelt out in the RFC what I should do when I 
get a vendor ID payload that I do not recognize." The choices I see 
being: 1) panic; 2) refuse the negotiation; or 3) nothing. The first two 
don't pass the "why would you want to do that?" test even though they are 
perfectly valid responses since it's not spelt out in the RFC. The same 
can be said of "what do I do when 2 peers simultaneously negotiate a Quick 
Mode to each other". The choices I see are: 1) panic; 2) arbitrarily drop 
a negotiation; or 3) just finish them both. The first one doesn't pass 
the "why would you do that?" test and the second is obviously problematic-- 
what if each side arbitrarily decides to drop the other one and you end 
up with no negotiation?!. The third therefore seems like the obvious choice. 
But again, it's not spelt out in the RFC and may arguably be a "policy 
decision". So "legally" any behavior is permissible (but probably not 
defendable).

  Again, if there's any verbage you'd like to get in the RFC you should
have a discussion on the suggested verbage on the list so all can take
part.

  Dan.

On Wed, 13 Oct 1999 19:35:16 EDT you wrote
> >
> > Please note that until such a statement makes it into the rfc, what you are
> > doing may not be interoperable.
> >
> 
> I fully understand that, and it had been my intention all along  to find out 
>how
> others deal with it.
> 
> > Why is it such a problem to support both initiator and responder for both
> > phase 1 and phase 2 SA's? A robust implementation should be able to do this
>.
> 
> Since it is not spelt out in the RFC on how to handle race condition, differe
>nt
> people could interpret it differently.  I'd find it rather confusing to see t
>wo
> phase1 SAs between the same addresses.  But if that is the way it should be,
> we'll conform.
> 
>

References:

Re: Racing QM Initiator's

From: Radha Gowda <rxg@openroute.com>

Prev by Date: Re: Racing QM Initiator's
Next by Date: Re: Racing QM Initiator's
Prev by thread: Re: Racing QM Initiator's
Next by thread: Re: Racing QM Initiator's
Index(es):
- Main
- Thread