[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Phase 1 Re-keying Implementation Identification

To: ipsec@lists.tislabs.com
Subject: RE: Phase 1 Re-keying Implementation Identification
From: Paul Hoffman <paul.hoffman@vpnc.org>
Date: Thu, 18 Nov 1999 18:20:16 -0800
In-Reply-To: <319A1C5F94C8D11192DE00805FBBADDFF7B5FC@exchange>
Sender: owner-ipsec@lists.tislabs.com

At 06:28 PM 11/18/99 -0500, Andrew Krywaniuk wrote:
>As for the more general question of whether it is appropriate to use vendor
>ids to advertise a feature, this appears to be the only method available in
>IKE at the moment.

Then you should change IKE (or ISAKMP).

The first sentence of section 3.16 in ISAKMP says "The Vendor ID Payload 
contains a vendor defined constant." You are not proposing a vendor-defined 
constant, you're proposing an announcement of feature that may be 
standards-track. These are completely different.

If you want continuous channel support to be TimeStep-only, it is 
appropriate to use the Vendor ID payload. Otherwise, some other mechanism 
for both sides to be sure that the other side is using it must be developed.

--Paul Hoffman, Director
--VPN Consortium

Follow-Ups:

Re: Phase 1 Re-keying Implementation Identification

From: Ben McCann <bmccann@indusriver.com>

References:

RE: Phase 1 Re-keying Implementation Identification

From: Andrew Krywaniuk <akrywaniuk@TimeStep.com>

Prev by Date: RE: Phase 1 Re-keying Implementation Identification
Next by Date: Re: FBI secret police
Prev by thread: RE: Phase 1 Re-keying Implementation Identification
Next by thread: Re: Phase 1 Re-keying Implementation Identification
Index(es):
- Main
- Thread