Re: IKE negotiation/rekeying problem with RSIP





IMO, this should be clearly explained in the next IKE draft.  And if there's
a reason to go with one approach over the other, that should be documented
as well.  Preferably, the draft should recommend one.

-Mike





Tero Kivinen <kivinen@ssh.fi> on 11/16/99 04:23:45 PM

Sent by:  Tero Kivinen <kivinen@ssh.fi>


To:   gab@sun.com
cc:   "Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>,
      ipsec@lists.tislabs.com, "Ylian" <ylian.saint-hilaire@intel.com> (Mike
      Borella/MW/US/3Com)
Subject:  Re: IKE negotiation/rekeying problem with RSIP




Gabriel Montenegro writes:
> the presentation I gave at the ipsec wg to ask for this (the DOI
> document is very explicit about not allowing these port numbers
> to vary, at least for purposes of including them in the hash):

No, the DOI document is very clear that there are only two possible
port numbers for ID payload, any (== zero), or 500. If you use port
ANY (== zero), then you may also use any port you want.
--
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/