[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (more#4 fwd from ipsec) Re: Handling of IPcomp in IKEv2

To: Paul Koning <pkoning@equallogic.com>
Subject: Re: (more#4 fwd from ipsec) Re: Handling of IPcomp in IKEv2
From: Avram Shacham <shacham@shacham.net>
Date: Fri, 13 Dec 2002 10:26:53 -0800 (PST)
cc: <henry@spsystems.net>, <ippcp@external.cisco.com>, <ipsec@lists.tislabs.com>
In-Reply-To: <15866.6586.939105.224341@pkoning.dev.equallogic.com>
Sender: owner-ipsec@lists.tislabs.com

Paul,

Trying to be crystal clear:  I raised no arguments on the negotiation
mechanism (aka IKEv2), as long as it provides the (also simple)
functionality, i.e. the collection of parameters, that's required to keep
working-code IPComp implementations running.

The differences described in this thread are (a) the content of the 16-bit
CPI, and (b) the optional algorithm parameters.  Adding the capability to
have the above in IKEv2 should be pretty simple.

Regards,
avram

On Fri, 13 Dec 2002, Paul Koning wrote:

> >>>>> "Avram" == Avram Shacham <shacham@shacham.net> writes:
>
>  Avram> Even simpler is to keep existing IPComp implementations
>  Avram> unchanged.
>
> Not true.
>
> That's valid if you leave IKE V1 in place.  IKEv2 is different code
> (much simpler).  Trying to extract the gnarly IPcomp code within IKEv1
> from the larger and even gnarlier IKEv1 body is a lot more work than
> implementing the trivial mechanisms that Charlie & al. have proposed.
>
>      paul
>
>

References:
- Re: (more#4 fwd from ipsec) Re: Handling of IPcomp in IKEv2
  - From: Paul Koning <pkoning@equallogic.com>

Prev by Date: Re: (more#4 fwd from ipsec) Re: Handling of IPcomp in IKEv2
Next by Date: Re: speaking of keys
Prev by thread: Re: (more#4 fwd from ipsec) Re: Handling of IPcomp in IKEv2
Next by thread: Change of SA source IP address
Index(es):
- Date
- Thread