
Re: IKE V2 Open Issues



Uri Blumenthal <uri@bell-labs.com> writes:

> Yes, your way it's clearer. However Charlie's way is simpler,
> and one less payload type to worry about...

IMHO payload types are cheap.

> I'll be happy with either choice - but lean towards N(COOKIE{cookie})...

I can go either way.  I don't feel extremely vetted to one way or the
other.

However, another benefit for using two payload types: it makes it
easier for protocol analyzers like tcpdump or ethereal.  They can
differentiate the cookie request N(COOKIE_REQUIRED{cookie}) from a
cookie response N(COOKIE{cookie}) to aid in analysis and debugging...
A small benefit indeed, but a tangible one for, IMHO, little
additional coding.  You have to have the code to parse the packet
either way -- whether you look for IKEV2_NOTIFY_COOKIE or
..._COOKIE_REQUIRED is a one-line change.

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com
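
An added example, not part of the original message or of any IKEv2 implementation: a minimal dissector routine showing how an analyzer could label a cookie request and a cookie response from the notify type alone, with no per-flow state. The numeric type values, the payload layout (taken to be a 4-byte generic header, protocol ID, SPI size, 2-byte notify type, SPI, data), the function and enum names, and the sample bytes are all assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Placeholder type numbers, assumed for this example; the thread gives none. */
#define IKEV2_NOTIFY_COOKIE_REQUIRED 0xFF01u
#define IKEV2_NOTIFY_COOKIE          0xFF02u

/* Assumed Notify payload layout: next payload (1), flags (1), length (2),
 * protocol ID (1), SPI size (1), notify type (2), then SPI and data. */
#define NOTIFY_FIXED_LEN 8u

enum notify_kind { N_MALFORMED, N_OTHER, N_COOKIE_REQUEST, N_COOKIE_RESPONSE };

/* Classify one Notify payload from its type field alone; on success
 * *cookie and *cookie_len describe the notification data. */
enum notify_kind classify_notify(const uint8_t *p, size_t caplen,
                                 const uint8_t **cookie, size_t *cookie_len)
{
    if (caplen < NOTIFY_FIXED_LEN)
        return N_MALFORMED;                /* truncated capture */
    size_t len = ((size_t)p[2] << 8) | p[3];
    size_t spi = p[5];
    if (len < NOTIFY_FIXED_LEN || len > caplen || spi > len - NOTIFY_FIXED_LEN)
        return N_MALFORMED;                /* length fields disagree */
    *cookie = p + NOTIFY_FIXED_LEN + spi;
    *cookie_len = len - NOTIFY_FIXED_LEN - spi;
    switch (((unsigned)p[6] << 8) | p[7]) {
    case IKEV2_NOTIFY_COOKIE_REQUIRED: return N_COOKIE_REQUEST;
    case IKEV2_NOTIFY_COOKIE:          return N_COOKIE_RESPONSE;
    default:                           return N_OTHER;
    }
}

/* Constructed sample payloads; the cookie bytes are made up. */
const uint8_t sample_request[]   = { 0, 0, 0, 12, 0, 0, 0xFF, 0x01, 0xde, 0xad, 0xbe, 0xef };
const uint8_t sample_response[]  = { 0, 0, 0, 12, 0, 0, 0xFF, 0x02, 0xde, 0xad, 0xbe, 0xef };
const uint8_t sample_truncated[] = { 0, 0, 0, 40, 0, 0, 0xFF, 0x02, 0xde, 0xad };

int main(void)
{
    static const char *label[] = { "malformed", "other notify",
                                   "cookie request", "cookie response" };
    const uint8_t *c; size_t n;
    printf("%s\n", label[classify_notify(sample_request, sizeof sample_request, &c, &n)]);
    printf("%s\n", label[classify_notify(sample_response, sizeof sample_response, &c, &n)]);
    printf("%s\n", label[classify_notify(sample_truncated, sizeof sample_truncated, &c, &n)]);
    return 0;
}
```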