[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ESP+AH

To: Russell Harrison <RHarrison@zento.com.au>
Subject: Re: ESP+AH
From: itojun@iijlab.net
Date: Thu, 09 May 2002 09:55:34 +0900
Cc: "'Mike Ruhl'" <mruhl@cips.nokia.com>, ipsec@lists.tislabs.com
In-reply-to: RHarrison's message of Thu, 09 May 2002 09:08:16 +1000. <A090D1CFDEDFB446BD493E0A5462AB28DD4A@persephone.zento.com.au>
Sender: owner-ipsec@lists.tislabs.com

>>If I send an proposal transform of ESP+AH, is it valid to receive the
>>propsal back as AH+ESP (instead of ESP+AH)?
>This will be an implementation specific issue, but it should not be a
>problem.  Irrespective of the ordering of the proposal, the only way it
>makes sense to apply both AH and ESP is [AH][ESP].

	from experiences from past interop tests, i would be much happier if:
	- the order of proposal on IKE packet
	- interpretation of proposal
	are exactly specified in the document.  we saw a lot of varied
	interpretation because of the document's unclarity (like how you
	specify "tunnel" in the proposal).  it is not good to solve protocol
	ambiguity in interop events.  protocol documents must be unambiguous
	enough so that anyone who reads the document will end up in the
	same interpretation.

itojun

References:
- RE: ESP+AH
  - From: Russell Harrison <RHarrison@zento.com.au>

Prev by Date: 2 phases and assorted comments [Re: New SOI features draft]
Next by Date: RE: ESP+AH
Prev by thread: RE: ESP+AH
Next by thread: RE: ESP+AH
Index(es):
- Date
- Thread