[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ipsec error protocol
Hi Fred,
Frédéric Detienne wrote:
>
> Hi Scott, Andrew, List,
>
> Candid questions:
>
> a. Do I have to copy paste the whole ISAKMP and IKE RFC's and add
> two new payloads + usage or can I define them in the draft only ?
>
I think you can make the draft brief, and just include the relevant
payloads. The point is to communicate all the details of your proposal
in one place so that everyone has the same basis for discussion. I
wouldn't worry too much about form unless you get sufficient interest in
your ideas to justify the work.
> b. Andrew says "Many of these are due to existing problems with IKE, but since we are not allowed to change IKE, we cannot ignore them.". Sorry if I missed something previously but why are not we allowed to change IKE ?
>
There is son-of-ike work pending in the ipsec working group, so I'd say
ike is going to undergo some sort of revision. I don't know if
additional payloads for this functionality would be acceptable or not,
but there is only one way to find out. I think what Andrew is referring
to is that the ipsra group is supposed to favor remote access solution
mechanisms which do not require ike modifications.
Scott
> Thanks,
>
> fred
>
> "Scott G. Kelly" wrote:
> >
> > Hi Frederic,
> >
> > Frédéric Detienne wrote:
> > <much trimmed...>
> > > Sorry but until someone attacks our method, I find it much faster, safer
> > > and more homogeneous. And btw, I have not received any technical comment
> > > on this yet... still waiting. Anyone ?
> > >
> >
> > The best way to get comprehensive comments is to write up a draft and
> > submit it for target practice :-)
> >
> > Scott
References: