
Re: SOI QUESTION: 6.3 Future versions of the protocols



>>>>> "Theodore" == Theodore Ts'o <tytso@mit.edu> writes:
    Theodore> Here are the last set of questions, for your reading pleasure while you
    Theodore> fly across the Pacific Ocean.  :-)  (Sorry I won't be able to join those
    Theodore> of you who will be going to Yokohama; this will be the first IETF I've
    Theodore> missed in something like ten years.)

  Speaking of which - anyone got a multicast feed they could share?

    Theodore> 6.3 Future versions of the protocols

    Theodore> 6.3.A) Should SOI have a mechanism for demanding/requesting that a
    Theodore> peer use a particular version of IKE/SOI to allow upgrading to new
    Theodore> versions?

  I'm not sure that I understand the question.
  It presumes that SOI runs on the same port (which I support) and that it
carries version info (also a good idea).

  Obviously when an IKEv1 initiates to a SOI, there are two possible
responses:
	1) responder drops to IKEv1 mode.
	2) responder refuses to negotiate

  I don't see how we can tell an IKEv1 to do anything that it doesn't already
do. (So, we can send an un-authenticated Notify that says "I only do SOI
v2.6", but that's about it)

  When an SOI initiates to an IKEv1, if one is lucky, one gets an IKEv1
message complaining about wrong versions, etc. What else can one do there?

  Now, if you are talking about SOI v2 talking to SOIv3, we might design
something.

  There is a third possibility:

  Always initiate with something that looks like IKEv1 with a proposal that
is SOI specific, or a vendorID that says "I can do SOI". An aware responder
then sees that and initiates or replies in a useful way to switch to SOI.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
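The two responder choices listed above (drop to IKEv1 mode, or refuse) both hinge on reading the version octet of the ISAKMP header that IKEv1 and its successor share on the same port. The following is an added example, not code from this thread or from any IKE implementation; it assumes a responder whose highest supported version is major 2, minor 0 (an assumption, since the thread never fixes SOI's number) and builds its own constructed sample headers.

```python
import struct

# Assumed highest version this responder speaks (the thread leaves SOI's
# version number open; 2.0 is an assumption for this example).
SUPPORTED_MAJOR = 2
SUPPORTED_MINOR = 0

# ISAKMP/IKE fixed header (RFC 2408, kept by RFC 7296): 8-byte initiator
# cookie/SPI, 8-byte responder cookie/SPI, next payload, version octet,
# exchange type, flags, 4-byte message ID, 4-byte total length. The shared
# layout is what lets one port carry both generations and the version octet
# tell them apart before any cryptography runs.
HEADER = struct.Struct("!8s8sBBBBII")


def parse_version(datagram):
    """Return (major, minor) from the header version octet (high/low nibble)."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the 28-byte IKE header")
    _, _, _, version, _, _, _, length = HEADER.unpack_from(datagram)
    if length < HEADER.size:
        raise ValueError("declared length %d is below header size" % length)
    return version >> 4, version & 0x0F


def responder_decision(datagram, fallback_to_v1=False):
    """Decide how a SOI-era responder treats an initiator's first message.

    "proceed"     - same major version, negotiate normally
    "fallback-v1" - older major and we still speak IKEv1 (option 1 above)
    "refuse"      - older major we do not speak, or a major newer than ours
    """
    major, minor = parse_version(datagram)
    if major == SUPPORTED_MAJOR:
        # Both RFCs say not to accept a minor version above our own; refusing
        # is safer than guessing at semantics we do not implement.
        return "proceed" if minor <= SUPPORTED_MINOR else "refuse"
    if major < SUPPORTED_MAJOR:
        return "fallback-v1" if (major == 1 and fallback_to_v1) else "refuse"
    return "refuse"


def make_header(major, minor, length=HEADER.size):
    # Constructed sample: zero cookies/SPIs, no payloads, exchange type 34
    # (IKE_SA_INIT in the successor protocol); only the version octet matters here.
    return HEADER.pack(b"\0" * 8, b"\0" * 8, 0, (major << 4) | minor, 34, 0, 0, length)
```

A refusal in practice is an unauthenticated Notify, so a peer must treat it as advisory, not as proof of what the other side supports.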
