Re: IKE V2 Open Issues

At 3:24 PM -0400 4/11/03, Theodore Ts'o wrote:
>Barbara and I believe that the list of algorithms and numbers which is
>used to seed the IANA registry should stay in the ikev2 document:
>
> For Transform Type 1 (Encryption Algorithm), defined Transform IDs
> are:
>
> Name            Number   Defined In
> RESERVED        0
> ENCR_DES_IV64   1        (RFC1827)
> ENCR_DES        2        (RFC2405)
> ENCR_3DES       3        (RFC2451)
> ENCR_RC5        4        (RFC2451)
> ENCR_IDEA       5        (RFC2451)
> ...
>
>The reasoning is that there are other assigned numbers in the ikev2
>document, and keeping the initial list in the ikev2 specs will be more
>convenient for implementors.

None of the "other assigned numbers" are dealt with in Jeff's
document; these are.

Implementers *have* to read both documents. They cannot implement the
mandatory algorithms without reading Jeff's document. Thus, having
the algorithm identifiers in the same document as the explanations of
what is mandatory makes more sense than putting the numeric values in
one document and the protocol description of the values (what is
mandatory and what is not) in a different document.

> As with all of the other initial
>assigned number lists, the list kept by the IANA can be extended in
>the future without needing to revise the ikev2 document.

Assuming everything goes cleanly, that's correct. VPN vendors have
seen this not go cleanly. If we choose to change the mandatory or
suggested values in Jeff's document to something that is not in the
base document, we'll then have numbers in *both* documents in the
future; that's a mess. If we start off with all of the initial registries
in Jeff's document, revising Jeff's document will be cleaner.

--Paul Hoffman, Director
--VPN Consortium