[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: divergent interpretations of IKE/IPsec - interop issues



On Fri, 22 Mar 2002, Markku Savela wrote:
> > The order of ESP and AH in the proposal...
> 
> This and some other entries just show that IKE should not do
> bundles. Creates unnecessary combinatory complexties.

No, it says that IKE should not do bundles without good reason.  There is
a cost, but there are also benefits.  Setting up a connection requires
negotiating bundles, not SAs.  If IKE does not do the bundling, something
else must -- manual bundle setup is in general unacceptable.  Please point
to the RFC that defines the something else. 

                                                          Henry Spencer
                                                       henry@spsystems.net