Re: rushed comments on IKEv2 draft
hugh@mimosa.com ("D. Hugh Redelmeier") writes:
> - in IKEv1, there are a few constraints on payload order. In our
> interop testing, we think all implementations sent payloads in the
> order used in the RFC. So this was useless freedom, causing
> more test cases, ones that have probably never been exercised!
> I suggest that the payload order be fully specified.
I disagree. I think it is easier to say that payloads can be in any
order. I would like to remove all payload ordering dependencies from
the IKE.
> - viewing all IKE messages as fitting into request/response
> pairs may be a straightjacket. Each message that is neither the
> first nor the last could be designed as a response to the
> previous message AND a request for the next. On the other hand, the
> pure request/response view may be easier to understand.
I think the pure request/response view is so much easier to understand
and implement the retransmission of the packets correctly that it
justifies its use. There are quite a lot of different things you have
to do properly when doing retransmissions in current IKE that it is
very hard to get them right (and to test all weird cases).
--
kivinen@ssh.fi
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/