[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: suites vs. a la carte and IPcomp in IKEv2-05

To: Henry Spencer <henry@spsystems.net>
Subject: Re: suites vs. a la carte and IPcomp in IKEv2-05
From: Abraham Shacham <shacham@trpz.com>
Date: Mon, 03 Mar 2003 00:05:43 -0800
CC: IP Security List <ipsec@lists.tislabs.com>, Dan Harkins<dharkins@trpz.com>, ippcp <ippcp@external.cisco.com>
References: <Pine.BSI.3.91.1030228200614.7574B-100000@spsystems.net>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020408


Nowhere in the IKEv2 I-D the issue of using IPComp CPIs from
the pre-assigned transform ID range is mentioned, afaik.

On the other hand, IPCOMP-SUPPORTED (page 54) seems to provide all
the parameters available via IKEv1, namely 16-bit CPI, 8-bit transform ID,
and optional attributes:

         IPCOMP-SUPPORTED                         24581

             This notification may only be included in a message
             containing an SA payload negotiating a CHILD-SA and
             indicates a willingness by its sender to use IPcomp on this
             SA. The data associated with this notification includes a
             two byte IPcomp CPI followed by a one octet transform ID
             optionally followed by attributes whose length and format is
             defined by that transform ID. A message proposing an SA may
             contain multiple IPCOMP-SUPPORTED notifications to indicate
             multiple supported algorithms. A message accepting an SA may
             contain at most one.


Please note that using a CPI from the predefined range has its limitation,
as the implementation notes in RFC-3173 detail.

Regards,
avram


Henry Spencer wrote:
> On Fri, 28 Feb 2003, Dan Harkins wrote:
> 
>>  You do have to agree on something. Namely, which of the 3 possible
>>compression algorithms you will be using to uncompress the data
>>you receive...
> 
> 
> No, there is no need for negotiated agreement on that.  It suffices that
> the other end sends with an algorithm you have advertised your willingness
> to uncompress with.  (Since compression is *always* at the sender's option,
> the receiver can never require it.)
> 
> Only if the algorithms involve non-trivial parameters that the two ends
> must agree on (and which there is no reasonable default for) is actual
> negotiation more or less required.
> 
> 
>>and what CPI will be used in the IPcomp header that
>>encapsulates that compressed data.
> 
> 
> There is no need for negotiated agreement on that either, since there are
> pre-assigned CPIs for the standard algorithms. 
> 
>                                                           Henry Spencer
>                                                        henry@spsystems.net
> 
>

Follow-Ups:
- Re: suites vs. a la carte and IPcomp in IKEv2-05
  - From: Henry Spencer <henry@spsystems.net>

Prev by Date: Re: The CR payload still
Next by Date: Re: Another NAT Traversal question
Prev by thread: RE: suites vs. a la carte and IPcomp in IKEv2-05
Next by thread: Re: suites vs. a la carte and IPcomp in IKEv2-05
Index(es):
- Date
- Thread