[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remaining open issues for RFC-2401bis

To: "Mohan Parthasarathy" <mohanp@sbcglobal.net>
Subject: Re: Remaining open issues for RFC-2401bis
From: Stephen Kent <kent@bbn.com>
Date: Thu, 25 Mar 2004 09:45:00 -0500
Cc: <ipsec@lists.tislabs.com>
In-reply-to: <011301c411f8$08f9b280$6501a8c0@adithya>
References: <21323.1080139608@marajade.sandelman.ottawa.on.ca><00b501c411d7$4290e750$6501a8c0@adithya><p06020411bc8798faccf1@[128.89.89.75]><011301c411f8$08f9b280$6501a8c0@adithya>
Sender: owner-ipsec@lists.tislabs.com

At 3:30 PM -0800 3/24/04, Mohan Parthasarathy wrote:
>
>
>>  At 11:36 AM -0800 3/24/04, Mohan Parthasarathy wrote:
>>  >  >
>>  >>
>>  >>  >>>>> "VPNC" == VPNC  <Paul> writes:
>>  >>      VPNC> No, we don't. We have ways of encoding the display name and
>>  >>      VPNC> the coments, but *not* the address itself (called the
>>  >>      VPNC> "addr-spec"). RFC 822 and 2822 are completely clear on this.
>>  >>
>>  >>    Ah, good point.
>>  >>
>>  >>      >> 2) we could agree to permit UTF-8 in RFC822_ADDR.
>>  >>
>>  >>      VPNC> Doing so and hoping that the Applications Area Directors don't
>>  >>      VPNC> barf is like
>>  >>
>>  >>    Fine. Point made.
>>  >>    So, we need an identifier that can carry UTF-8, is known to carry
>>  >>  UTF-8, and isn't ID_KEY_ID.
>>  >>
>>  >I hope this does not preclude ID_KEY_ID from carrying UTF-8 in an
>>  >opaque way. I think this is what Paul Koning mentioned in an earlier mail.
>>  >
>>
>>  For the reasons cited earlier, I think it is a bad idea to carry
>>  structured data like UTF-8 in what is described as an opaque octet
>>  string. there is no reason to assume that there will be management
>>  interfaces to facilitate entry of the data in a compatible fashion,
>>  even without the encoding options that Paul has pointed out.
>>
>ID_KEY_ID is defined as an opaque octet stream and UTF-8 can be
>carried as an opque stream of bytes where the two ends do a "memcmp" of the
>opaque byte stream to match on the ID contents. Why is this not possible ?
>As i mentioned in the other mail, this content may be dynamically generated.
>Perhaps we need a different ID to carry structured data like UTF8 that will be
>created through mangement interfaces. At least, that is what i understood from
>the emails on this topic.

My comments on management interfaces for this ID type get at the 
heart of the problem, and I'm a bit disappointed that your messages 
seem to keep ignoring that. This discussion has never been about how 
to perform a comparison of the data; it is about whether users and 
admins interacting with different vendor products will have 
appropriate management interfaces to enter the data that is sent and 
that forms the basis for checking, IF the description of the 
semantics of the data were as stated in IKEv2.

Nonetheless, I agree that a good way to resolve this is to change the 
IKE text back to the v1 version, that makes no mention of account IDs 
etc.

Then, if the WG wants, a separate ID type can be created to carriage 
of account info such as login IDs.

Steve

Follow-Ups:
- Re: Remaining open issues for RFC-2401bis
  - From: "Mohan Parthasarathy" <mohanp@sbcglobal.net>

References:
- Re: Remaining open issues for RFC-2401bis
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
- Re: Remaining open issues for RFC-2401bis
  - From: "Mohan Parthasarathy" <mohanp@sbcglobal.net>
- Re: Remaining open issues for RFC-2401bis
  - From: Stephen Kent <kent@bbn.com>
- Re: Remaining open issues for RFC-2401bis
  - From: "Mohan Parthasarathy" <mohanp@sbcglobal.net>

Prev by Date: RE: EAP Roundtrips (was: Temporary version of the new IKEv2 draft)
Next by Date: Re: Remaining open issues for RFC-2401bis
Previous by thread: Re: Remaining open issues for RFC-2401bis
Next by thread: Re: Remaining open issues for RFC-2401bis
Index(es):
- Date
- Thread