
Re: question about draft-ietf-ipsec-nat-t-ike-07



Joshua Graessley writes:
> In other words, until this is published as an RFC there can be no 
> interoperable implementations. This wouldn't be a problem if it didn't 

Yep. 

> take so long for something to go from a draft to an RFC. As it is, a 
> number of vendors have implemented something (they had to ship 
> eventually) based on these drafts and used different vendor id codes. 

Most of the vendors who have shipped NAT-T have been using the vendor
IDs from the previous draft WITH the numbers from the previous draft.
Those drafts used numbers from the private use space, thus along with
the vendor IDs in the drafts they can interoperate. There have been a
couple of different vendor ID codes and different numbers and a little
bit different protocol for each of them.

Draft-ietf-ipsec-nat-t-ike-04 also lists those previous vendor IDs and
numbers, but that was removed after that, as the protocol was actually
changed a bit, thus implementations need more changes than simply a
change of numbers and vendor IDs.

> The result is implementations that would probably interoperate just 
> fine if only they used the same vendor id codes.

The reason there is no vendor ID code is to make sure that nobody will
implement the protocol using the IANA allocated numbers (or what is
the proposal for the IANA to allocate those numbers; as those numbers
are not yet allocated, in theory they could still change), i.e. the
numbers not from the private use space.

The drafts are now in IETF Last Call, so hopefully they will go
forward to RFC soon.
-- 
kivinen@ssh.fi
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/