[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IKE V2 Open Issues
Uri Blumenthal <uri@bell-labs.com> writes:
> Yes, your way it's clearer. However Charlie's way is simpler,
> and one less payload type to worry about...
IMHO payload types are cheap.
> I'll be happy with either choice - but lean towards N(COOKIE{cookie})...
I can go either way. I don't feel extremely vetted to one way or the
other.
However, another benefit for using two payload types: it makes it
easier for protocol analyzers like tcpdump or ethereal. They can
differentiate the cookie request N(COOKIE_REQUIRED{cookie}) from a
cookie response N(COOKIE{cookie}) to aid in analysis and debugging...
A small benefit indeed, but a tangible one for, IMHO, little
additional coding. You have to have the code to parse the packet
either way -- whether you look for IKEV2_NOTIFY_COOKIE or
..._COOKIE_REQUIRED is a one-line change.
-derek
--
Derek Atkins
Computer and Internet Security Consultant
derek@ihtfp.com www.ihtfp.com