[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: divergent interpretations of IKE/IPsec - interop issues
On Fri, 22 Mar 2002, Markku Savela wrote:
> > The order of ESP and AH in the proposal...
>
> This and some other entries just show that IKE should not do
> bundles. Creates unnecessary combinatory complexties.
No, it says that IKE should not do bundles without good reason. There is
a cost, but there are also benefits. Setting up a connection requires
negotiating bundles, not SAs. If IKE does not do the bundling, something
else must -- manual bundle setup is in general unacceptable. Please point
to the RFC that defines the something else.
Henry Spencer
henry@spsystems.net