
Re: suggested clarification regarding port handling in ike



   From: Gabriel.Montenegro@eng.sun.com (Gabriel Montenegro)
   Date: Tue, 23 Nov 1999 00:33:02 -0800

	   1. content of id payload with respect to port numbers:
		   port 500 or 0 are ok. 0 means 'other-than-500'
	   2. protocol handling (a transport issue):
		   use the common "swap src/dst port and reply" 

   #1 should go in the doi (id payload content).
   #2 should go in isakmp (i think), given that it talks about transport
   issues and not at all about payload contents.

Yes, now I see what you mean.  Indeed, it does make sense to put "use
the common 'swap src/dst port and reply'" in the ISAKMP document (#2),
and the contents of the id payload should go in the DOI document, along
with the rest of the definition of the id payload (#1).

   having these in separate places would hardly be considered a clarification,
   so perhaps the blurb that mentions both should go in ike. after all,
   ike is where it all comes together (ike defers to doi for payload
   content items such as #1, and to isakmp for transport issues such
   as #2). 

   so why not add a clarifying blurb into the current ike document?

A clarification in the IKE document would be a good thing; but if the
ISAKMP document doesn't spell out the "swap src/dst port and reply"
normatively, it probably should.  Whether we make this change now or
wait until we advance the ISAKMP document up the standards track and
make it as an editorial change is something we can discuss.

   ps - if you agree with the above analysis, would it be ok with you
   if i shared this with the alias? 

No need; I've cc'ed the ipsec mailing list on my reply.

						- Ted
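As an added illustration of the two points under discussion (not code from the thread or from any IKE implementation): a responder parses the peer's Phase 1 Identification payload, accepts a port field of 500 or 0 as item #1 states, and replies to the swapped src/dst of the received datagram as item #2 states. The 8-byte payload layout (generic header followed by ID type, protocol ID and port) and the ID type value 1 are assumptions from the DOI, not something this message spells out.

```python
import struct
from dataclasses import dataclass

IKE_PORT = 500                       # well-known ISAKMP/IKE UDP port
ID_HDR = struct.Struct("!BBHBBH")    # next, reserved, length, id_type, proto, port


@dataclass(frozen=True)
class IdPayload:
    next_payload: int
    id_type: int      # e.g. 1 = ID_IPV4_ADDR (assumed DOI value)
    protocol_id: int  # 0 or an IP protocol number such as 17 (UDP)
    port: int         # the field discussed in item #1
    data: bytes


def parse_id_payload(buf: bytes) -> IdPayload:
    """Decode one ISAKMP Identification payload from raw bytes."""
    if len(buf) < ID_HDR.size:
        raise ValueError("ID payload shorter than its 8-byte fixed part")
    next_payload, _reserved, length, id_type, proto, port = ID_HDR.unpack_from(buf)
    if length < ID_HDR.size or length > len(buf):
        raise ValueError(f"ID payload length field {length} is inconsistent")
    return IdPayload(next_payload, id_type, proto, port, bytes(buf[ID_HDR.size:length]))


def phase1_port_acceptable(payload: IdPayload) -> bool:
    """Item #1: the port is 500, or 0 meaning 'other-than-500'; anything else is rejected."""
    return payload.port in (0, IKE_PORT)


def reply_endpoint(src: tuple, dst: tuple) -> tuple:
    """Item #2: swap src/dst of the received datagram and reply there, so a peer
    that sent from a source port other than 500 still receives the answer."""
    return dst, src


def build_id_payload(id_type: int, proto: int, port: int, data: bytes, next_payload: int = 0) -> bytes:
    """Constructed test input only: encode an ID payload with the assumed layout."""
    return ID_HDR.pack(next_payload, 0, ID_HDR.size + len(data), id_type, proto, port) + data


def handle_phase1_id(raw: bytes, src: tuple, dst: tuple):
    """Parse the peer's ID payload, apply the port rule, and pick the reply endpoint."""
    payload = parse_id_payload(raw)
    return phase1_port_acceptable(payload), reply_endpoint(src, dst)
```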