[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Michael's comments on ikev2 draft

To: Andrew Krywaniuk <andrew.krywaniuk@alcatel.com>
Subject: RE: Michael's comments on ikev2 draft
From: Henry Spencer <henry@spsystems.net>
Date: Tue, 18 Dec 2001 22:15:47 -0500 (EST)
cc: ipsec@lists.tislabs.com
In-Reply-To: <002901c1882a$86f54730$8e2cb440@andrewk3.ca.newbridge.com>
Sender: owner-ipsec@lists.tislabs.com

On Tue, 18 Dec 2001, Andrew Krywaniuk wrote:
> The problem is that the WG never standardized on an interoperable rekeying
> behaviour. We follow the now-expired Tim Jenkins rekeying draft, but others
> have invented at least 3 other distinct rekeying techniques. Fortunately,
> where incompatibilities exist, they are mostly fixed by the reception of a
> delete. The delete may be unreliable, but it still gets there most of the
> time...

This I will agree with.  While I believe that any implementation which
relies on getting Deletes is unquestionably and inarguably broken -- not
just different but verifiably *wrong* -- I concur that (a) such defective
implementations do exist, (b) sending Delete improves interoperability
with them, (c) much grief would have been avoided had these issues
received proper attention in the standard, and (d) the next standard
should not repeat the mistake.

                                                          Henry Spencer
                                                       henry@spsystems.net

Follow-Ups:

Re: Michael's comments on ikev2 draft

From: Derek Atkins <warlord@mit.edu>

References:

RE: Michael's comments on ikev2 draft

From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

Prev by Date: Re: IKE v2 Requirements and backwards compatability
Next by Date: Oakley groups
Prev by thread: RE: Michael's comments on ikev2 draft
Next by thread: Re: Michael's comments on ikev2 draft
Index(es):
- Main
- Thread