
Re: IKE V2 Open Issues



At 3:24 PM -0400 4/11/03, Theodore Ts'o wrote:
>Barbara and I believe that the list of algorithms and numbers which is
>used to seed the IANA registry should stay in the ikev2 document:
>
>    For Transform Type 1 (Encryption Algorithm), defined Transform IDs
>    are:
>
>           Name                     Number           Defined In
>           RESERVED                    0
>           ENCR_DES_IV64               1              (RFC1827)
>           ENCR_DES                    2              (RFC2405)
>           ENCR_3DES                   3              (RFC2451)
>           ENCR_RC5                    4              (RFC2451)
>           ENCR_IDEA                   5              (RFC2451)
>		...
>
>The reasoning is that there are other assigned numbers in the ikev2
>document, and keeping the initial list in the ikev2 specs will be more
>convenient for implementors.

None of the "other assigned numbers" are dealt with in Jeff's 
document; these are.

Implementers *have* to read both documents. They cannot implement the 
mandatory algorithms without reading Jeff's document. Thus, having 
the algorithm identifiers in the same document as the explanations of 
what is mandatory makes more sense than putting the numeric values in 
one document and the protocol description of the values (what is 
mandatory and what is not) in a different document.

>   As with all of the other initial
>assigned number lists, the list kept by the IANA can be extended in
>the future without needing to revise the ikev2 document.

Assuming everything goes cleanly, that's correct. VPN vendors have 
seen this not go cleanly. If we choose to change the mandatory or 
suggested values in Jeff's document to something that is not in the 
base document, we'll then have numbers in *both* documents in the 
future; that's a mess. If we start off with all of the initial registries 
in Jeff's document, revising Jeff's document will be cleaner.

--Paul Hoffman, Director
--VPN Consortium