Re: Phase 1 Re-keying Implementation Identification

[Paul Koning <pkoning@xedia.com>]

It seems to me you're suggesting I'm objecting to the use of vendor ID 
as a feature indicator for reasons of purism.  That's not correct.

The bigger issue is that it's not going to work.

Optional features are a set, and you can't use a boolean or
enumeration to describe them.  You need an encoding that can represent 
the subset each side implements (or wants to use).  A bitmap will do
that, but a vendor ID cannot.

Let's step away from the temptation to throw together a quick and
dirty hack that won't solve the problem.  The argument of "cleaner and 
more pragmatic" doesn't fly.  

This sort of requirement has been handled in dozens of protocols for
several decades now, it can't be hard or time consuming to nail down
the right way to do it this time.  With a bit of care and a bit of
luck, it can be done in a way that doesn't cause nasty disruption to
existing implementations.

	paul

---

Follow-Ups:

• Re: Phase 1 Re-keying Implementation Identification
• From: tytso@mit.edu

References:

• RE: Phase 1 Re-keying Implementation Identification
• From: Andrew Krywaniuk <akrywaniuk@TimeStep.com>
• RE: Phase 1 Re-keying Implementation Identification
• From: Paul Koning <pkoning@xedia.com>
• Re: Phase 1 Re-keying Implementation Identification
• From: tytso@mit.edu

---

• Prev by Date: Re: Error recovery?
• Next by Date: IPComp rfc2393bis-00
• Prev by thread: Re: Fixing IKE Phase 1 Authentication HASH
• Next by thread: Re: Phase 1 Re-keying Implementation Identification
• Index(es):
  • Main
  • Thread