
WG Last call: draft-ietf-ipsec-isakmp-gss-auth-05.txt



Derrell and Brian (Swander),

My understanding is that the isakmp-gss draft is an informational draft,
that basically documents one vendor's implementation (Microsoft).
As it turns out, we are also implementing the draft (we = Cisco),
and so wondered if this should be considered as a future RFC rather
than an informational draft.   Is there anyone else out there
who plans to implement this?

In any case, since this is an informational draft (documenting
Microsoft's work in this area), the draft needs to be modified
to reflect some differences between the draft and Microsoft's 
current implementation:

1.   The draft currently mentions that exchanging an attribute 
in the first exchange 'may' be done, but as far as I can
tell, there is no easy way to interoperate with MS unless
this is done.  It seems this should be a 'must'.   

2. Currently MS has implemented this attribute as a wide character
string, so the spec should specify that.  My understanding is that
MS will be adding the one-byte character strings but this is not
true in the current WIN2K release.

3. Finally, the vendor ID doesn't match. MS currently has the
vendorid implemented as "GSSAPI" while the spec has a different
vendor id specified.

thanks.
Sheela