[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI QUESTION: 6.2 Port number

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: SOI QUESTION: 6.2 Port number
From: Henry Spencer <henry@spsystems.net>
Date: Fri, 12 Jul 2002 12:07:58 -0400 (EDT)
In-Reply-To: <E17Skbt-0001OR-00@think.thunk.org>
Sender: owner-ipsec@lists.tislabs.com

On Thu, 11 Jul 2002, Theodore Ts'o wrote:
> 6.2.A) Should SOI use the same port as IKEv1?

Desirable if the details permit software that is aware of SOI to easily
tell the two protocols apart, e.g. version number in the same place or
some other explicitly-defined, reliable strategy for distinguishing the two. 

Otherwise undesirable.  Different protocols should have different ports.

The "avoid timeout" argument in soi-features-01 assumes that the other end
sends some sort of "huh?" reply on receiving stuff it doesn't understand.
Some IKE implementations just log and discard, so a timeout is still needed.

I would add:  the SOI port should be solely for SOI (and possibly its
ancestors/descendants).  It should be off limits to other random protocols,
e.g. NAT traversal.

                                                          Henry Spencer
                                                       henry@spsystems.net

References:
- SOI QUESTION: 6.2 Port number
  - From: "Theodore Ts'o" <tytso@mit.edu>

Prev by Date: RE: SOI QUESTIONS: 5.1-5.2
Next by Date: RE: SOI QUESTION: 5.2 Scope of proposals
Prev by thread: Re: SOI QUESTION: 6.2 Port number
Next by thread: Re: SOI QUESTION: 6.2 Port number
Index(es):
- Date
- Thread