[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKE v2 Requirements and backwards compatability

To: IETF-IPSec <ipsec@lists.tislabs.com>
Subject: Re: IKE v2 Requirements and backwards compatability
From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Date: Wed, 19 Dec 2001 09:22:36 -0500
In-Reply-To: <Pine.BSI.3.91.1011217195516.7263c-100000@spsystems.net>
References: <Pine.BSI.3.91.1011217195516.7263c-100000@spsystems.net>
Sender: owner-ipsec@lists.tislabs.com

At 8:15 PM -0500 12/17/01, Henry Spencer wrote:
>Fortunately, ISAKMP includes a
>version number and mandates rejecting packets with unknown versions,

Well, it's a SHOULD, not a MUST. RFC 2408, section 3.1:

        Implementations SHOULD
        never accept packets with a major version number larger than its
        own.

But I think we can ignore that difference and assume that if any 
implementation does accept packets with a version higher than 1 are 
poorly designed.

--Paul Hoffman, Director
--VPN Consortium

References:

Re: IKE v2 Requirements and backwards compatability

From: Henry Spencer <henry@spsystems.net>

Prev by Date: Re: IKE v2 Requirements and backwards compatibility
Next by Date: Re: IKE v2 Requirements and backwards compatability
Prev by thread: Re: IKE v2 Requirements and backwards compatability
Next by thread: Re: IKE v2 Requirements and backwards compatability
Index(es):
- Main
- Thread