
RE: exchange type 6?



Steve,

Actually, I think that allocating a number to "deprecated" or "historical"
does not give a protocol credence in the eyes of users. In fact, quite the
opposite.

Dan,

Mail to "dharkins@potassium.cips.nokia.com" is bouncing. You may want to
look into this.

If an individual makes deliberate, repeated attempts to circumvent the IANA
process then I agree that those numbers should not be registered. However,
in cases like config mode or ripemd or group 5 where the mistake was
probably accidental and several other implementers have also used the
number, possibly whilst ignorant of the fact that it wasn't officially
registered, I don't think it is *SENSIBLE* to reuse the number for something
else.

According to Paul's scheme, I guess this makes me a member of religion #2.

You have suggested that I might not be acting in good faith, but if you
remember I even wrote a draft
(draft-krywaniuk-ipsec-attribute-exchange-00.txt) which suggests a way to
solve this issue without causing an interoperability nightmare.

Andrew
-------------------------------------------
Upon closer inspection, I saw that the line
dividing black from white was in fact a shade
of grey. As I drew nearer still, the grey area
grew larger. And then I was enlightened.


> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Dan Harkins
> Sent: Thursday, February 22, 2001 3:09 AM
> To: wprice@cyphers.net
> Cc: ipsec@lists.tislabs.com
> Subject: Re: exchange type 6?
>
>
>   Implementors of XAUTH will be in for a huge compatibility nightmare
> as _they_ will be the ones at fault. Then they'll have to do the same
> thing that people did who erroneously assumed that RIPEMD-160 would
> be awarded the value 5.
>
>   It might be a fait accompli if this was news but the
> improper use of
> this exchange type was discussed over 2 years ago when the number of
> people implementing XAUTH (or mode config or whatever) was enough to
> count on one hand and still be able to simultaneously pick your nose
> and suck your thumb. So now all these vendors ignored that fact and
> chose to implement it as 6 anyway and it's supposed to be OK? Saying,
> "but everyone's doing it" never worked for me. Has it ever worked for
> anyone else?
>
>   We've already had a case where magic numbers were
> improperly assigned
> to new Diffie-Hellman groups and now the improper use of a
> still reserved
> number is supposed to be condoned? Can you explain when these
> rules are
> really supposed to matter?
>
>   Dan.
>
> On Wed, 21 Feb 2001 20:34:25 PST you wrote
> > At the last bakeoff, it seemed like every commercial vendor
> I spoke with
> > was implementing both config mode and xauth.  Most had one or both
> > already, others were hard at work on it and all were eager
> to test it.
> >
> > There's got to be a point at which a working group decision
> not to endorse
> > something has to take into account the fact that most deployed
> > implementations of the standard are in fact using exchange
> type 6 for this
> > purpose (quite happily I believe), and that efforts to deny
> that are at
> > this point just not going to be fruitful and only add
> confusion to the
> > working group. Were a different standard to be allocated
> that exchange
> > type in the future, implementors of said standard would be
> in for a huge
> > compatibility nightmare. For better or worse, these drafts
> have been mass
> > deployed by many vendors, and that seems very unlikely to slow down.
> >
> >
> >
> > Stephen Kent wrote:
> > >
> > > At 5:24 PM -0500 2/21/01, Andrew Krywaniuk wrote:
> > > >  >   Don't you think that the response Derrell received should
> > > >  > be the response
> > >  > you receive?
> > > >
> > > >No, I thought the WG and IANA should have accommodated
> Derrell's request.
> > > >
> > > >I believe it is more important to be sensible than to be
> consistent. Others
> > > >may disagree.
> > > >
> > > >Reserving exchange mode 6 doesn't mean the WG has to
> give credence to config
> > > >mode. They can allocate it as "deprecated" for all I care.
> > > >
> > >
> > > I tend to agree with Dan here, although there is
> legitimate room for
> > > disagreement. Formally allocating a number to a proposed anything
> > > gives it credence in the eyes of many users. Some folks feel that
> > > it's OK to do this allocation even if the proposed thing does not
> > > become a standard, e.g., to facilitate testing etc.
> > >
> > > Personally I vote for sensible AND consistent :-)
> > >
> > > Steve
> >
> > --
> >
> > Will Price, Director of Engineering
> > PGP Security, Inc.
> > a division of Network Associates, Inc.
>
