[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: suites vs. a la carte and IPcomp in IKEv2-05
> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]
> On Behalf Of Andrew Krywaniuk
> Sent: Friday, February 28, 2003 3:33 PM
> To: ipsec@lists.tislabs.com
> Subject: Re: suites vs. a la carte and IPcomp in IKEv2-05
>
>
> >I think the best way to accomodate this disconnect is with the
> >"gui suites" proposal -- on the wire, send a la carte parameters, but
> >require only the suite combinations to be supported through the
> >management interfaces.
>
> My sentiments exactly.
>
I am sure if I completely understood you, but you are proposing GUI
suites, but require one or more a la carte proposals to be supported? In
that case I would agree with you.
Speaking as someone whose product has a GUI to build proposals! We had
trouble in interop testing with a third party VPN hardware box because
our proposals did not match the only proposal that device would accept.
The GUI helps in building proposals easily, but if the proposal does not
exactly match what the other side would accept, you got problems.
I almost put in a method to analyze received proposals to see if they
could be generated by our GUI.
Cipher suites are important if you want security according to your
needs/requirements and a la carte proposals are important for interop.
Regards,
Jayant
www.trlokom.com
> Andrew
> --------------------------------------
> The odd thing about fairness is when
> we strive so hard to be equitable
> that we forget to be correct.
>
>
>
>
> _________________________________________________________________
> Add photos to your messages with MSN 8. Get 2 months FREE*.
> http://join.msn.com/?page=features/featuredemail