
Re: Notify SPI field specifications



On Tue, 04 Sep 2001 11:07:05 EDT you wrote
> 
> I've seen documentation split up in order to "clarify things," and I've seen
> the same documents consolidated in order to "clarify things." The second
> generation of documents is rarely any better than the first, usually because
> it was written with a reactionary and/or idealistic mindset. The same result
> usually applies to second generation code as well, mostly for the same
> reasons.

Which group of documents were both consolidated and split up to "clarify
things"? It would be very interesting to compare the outcomes. A hint on
the mindset ("reactionary and/or idealistic") for both outcomes would also
be quite interesting. Please provide pointers to these documents.

> Instead of being a focused protocol description, [IKE] is more of a mishmash
> of all the bits and pieces that were left open by [ISAKMP]. Why are the DH
> groups copied here, and not just referenced in the DOI like the ciphers? 

I don't think you understand....

IKE was supposed to be a generic exchange under which multiple DOIs could 
be implemented. It has to create its own SA which is different than the 
DOI-defined SA and therefore has to be able to do this independent of any 
DOI. The DH groups are critical to establishing the IKE SA! They cannot 
just be referenced in a DOI! If they were copied from anywhere they were
copied from Oakley, not ISAKMP (or even [ISAKMP]). Similarly the ciphers
necessary to construct the IKE SA are defined in IKE. They are not "just
referenced in the DOI".

I think it is safe to say that there are more people than just you who did 
not or do not understand how these things were done so let me point out
again that if these layers go away these misunderstandings about the layers
do too. 

  Dan.

"I personally think it is very dangerous to organize
 referendums when you're not sure to win them"
   -- Louis Michel, President of the European Union


