
Re: exchange type 6?



  You may find it odd but I am not in lockstep with my friends or
co-workers and I don't speak for my company. 

  Don't you think that the response Derrell received should be the response
you receive? 

  This has nothing to do with RSA vs DSA as someone who only implemented RSA 
would just technically be a non-compliant implementation just like someone 
who didn't implement manual keying. Both RSA and DSA have properly assigned 
magic numbers. Mode Config or XAUTH or any other mutation of this exchange 
did not. 

  Dan.

On Wed, 21 Feb 2001 14:21:24 EST you wrote
> Oh come on, Dan. Get off your high horse (and stop pretending you had never
> heard of mode config before).
> 
> I find it quite odd that you continue to harp on this issue when just a few
> months ago Derrell was asking IANA to make an exception to the assigned
> numbers for AES (see
> http://www.vpnc.org/ietf-ipsec/mail-archive/msg01675.html).
> 
> At the last SAAG meeting, someone suggested that we should continue to make
> DSA a MUST in order to punish those people who only implemented RSA.
> However, Jeff made the decision that since there were 5 times as many RSA
> implementations as DSA, it was far more practical just to make RSA a MUST.
> 
> People make mistakes. The rules are flexible, so why go out and
> intentionally create an interoperability issue where none existed before
> (remember that this will also punish the people who implement the future
> exchange mode which is legitimately awarded the number 6).
> 
> Andrew
> -------------------------------------------
> Upon closer inspection, I saw that the line
> dividing black from white was in fact a shade
> of grey. As I drew nearer still, the grey area
> grew larger. And then I was enlightened.
> 
> 
> > -----Original Message-----
> > From: owner-ipsec@lists.tislabs.com
> > [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Dan Harkins
> > Sent: Tuesday, February 20, 2001 10:47 PM
> > To: Gaurav Khanna
> > Cc: jeff; ipsec@lists.tislabs.com
> > Subject: Re: exchange type 6?
> >
> >
> >   Neither of which make it OK to steal a reserved value. Nortel can
> > do it too and it still isn't right.
> >
> >   Dan.
> >
> > On Tue, 20 Feb 2001 18:55:08 PST you wrote
> > > I have seen it in drafts that don't expire till April and have been
> > > implemented elsewhere than Cisco.
> > > /Gaurav Khanna
> > >
> > > -----Original Message-----
> > > From: Dan Harkins [mailto:dharkins@potassium.cips.nokia.com]
> > > Sent: Tuesday, February 20, 2001 4:32 PM
> > > To: jeff
> > > Cc: ipsec@lists.tislabs.com
> > > Subject: Re: exchange type 6?
> > >
> > >
> > >   A Cisco implementation? That's regrettable. Somebody must've put it
> > > there after I left because I didn't do it. Exchange #6 is reserved for
> > > "ISAKMP Future Use" but a now-expired internet draft used it. The
> > > procedure is to use a "private use" number for drafts and if it is
> > > advanced it is awarded a real number by IANA. It is for this reason--
> > > some drafts have problems and are never advanced so it is unwise to
> > > tie up magic numbers for evolutionary dinosaurs-- that these rules were
> > > put in place.
> > >
> > >   Hopefully the next exchange that is advanced will be awarded 6 and all
> > > those people who implemented the now-expired internet draft will be SOL.
> > >
> > >   Dan.
> > >
> > > On Tue, 20 Feb 2001 13:13:05 PST you wrote
> > > > Has ISAKMP exchange type #6 been defined? I've seen this
> > > > transmitted by a Cisco IPSec implementation.
> > > >
> > > > Thanks,
> > > >
> > > > Jeff Enderwick
> > > >
> >
> 
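
Added example, not part of the original thread or any poster's code: a small header check that parses the fixed ISAKMP header and reports which allocation range the exchange type falls in, so a type 6 message like the one Jeff observed is flagged as using a reserved value. The ranges follow RFC 2408 section 3.1; the function names and the sample headers are constructed for illustration.

```python
import struct

# Fixed 28-byte ISAKMP header: cookies, next payload, version,
# exchange type, flags, message ID, total length (RFC 2408, section 3.1).
HEADER = struct.Struct("!8s8sBBBBII")

# Exchange types assigned by the base specification.
ASSIGNED = {0: "NONE", 1: "Base", 2: "Identity Protection",
            3: "Authentication Only", 4: "Aggressive", 5: "Informational"}


def classify_exchange(xchg):
    """Map an exchange type octet to its RFC 2408 allocation range."""
    if not 0 <= xchg <= 255:
        raise ValueError("exchange type is a single octet")
    if xchg in ASSIGNED:
        return "assigned"
    if xchg <= 31:
        return "isakmp-future-use"   # reserved, e.g. the 6 in this thread
    if xchg <= 239:
        return "doi-specific"        # e.g. IKE Quick Mode is 32
    return "private-use"             # 240-255, the range meant for drafts


def inspect_header(packet):
    """Parse the header and report whether the exchange type is reserved."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated ISAKMP header")
    _, _, _, version, xchg, _, _, length = HEADER.unpack_from(packet)
    return {
        "version": (version >> 4, version & 0x0F),
        "exchange_type": xchg,
        "range": classify_exchange(xchg),
        "flag": classify_exchange(xchg) == "isakmp-future-use",
        "length_ok": length >= HEADER.size,
    }


def make_header(xchg):
    """Constructed sample header (not captured traffic)."""
    return HEADER.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, xchg, 0, 0, HEADER.size)


if __name__ == "__main__":
    for x in (2, 6, 32, 240):
        print(x, inspect_header(make_header(x)))
```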

