
Re: rushed comments on IKEv2 draft



hugh@mimosa.com ("D. Hugh Redelmeier") writes:
 > - in IKEv1, there are a few constraints on payload order.  In our
 >   interop testing, we think all implementations sent payloads in the
 >   order used in the RFC.  So this was useless freedom, causing
 >   more test cases, ones that have probably never been exercised!
 >   I suggest that the payload order be fully specified.

I disagree. I think it is easier to say that payloads can be in any
order. I would like to remove all payload ordering dependencies from
the IKE. 

 > - viewing all IKE messages as fitting into request/response
 >   pairs may be a straightjacket.  Each message that is neither the
 >   first nor the last could be designed as a response to the
 >   previous message AND a request for the next.  On the other hand, the
 >   pure request/response view may be easier to understand.

I think the pure request/response view is so much easier to understand
and implement the retransmission of the packets correctly that it
justifies its use. There are quite a lot of different things you have
to do properly when doing retransmissions in current IKE that it is
very hard to get them right (and to test all weird cases). 

-- 
kivinen@ssh.fi
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/


