Re: Remaining open issues for RFC-2401bis
At 6:38 AM -0800 3/23/04, Joe Touch wrote:
>Stephen Kent wrote:
>>Paul,
>>
>>Since all IDs sent via IKE are used for access control, it seems
>>reasonable to assume that, in general, people have interacted with
>>a management interface to enter these IDs. So, unless there is a
>>need to transmit an arbitrary octet string for ID purposes, it
>>would be more appropriate to constrain this to something that a
>>user has a good chance of getting right.
>>
>>The IKE v2 spec says (page 55)
>>
>> "An opaque octet stream which may be used to pass an account
>> name or to pass vendor-specific information necessary to do
>> certain proprietary types of identification."
>>
>>This hardly sounds like an arbitrary byte string.
>
>"opaque" isn't particularly vague on that point ;-)
>
>It specifies an arbitrary byte string, by definition. There is no
>semantics for the string at the IKE level, so there should be no
>restrictions on its contents.
>
>Joe
See my response to Tero. The IKE text is schizophrenic on the
semantics, and there are interoperability implications with viewing
this in both ways.
Steve