[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ipsec] VID for nat traversal



Joern Sierwald writes:

 > Interestingly, we're not using the hash of "draft-ietf-ipsec-nat-t-ike-05" but
 > the hash of "draft-ietf-ipsec-nat-t-ike-05.txt". I checked the cvs to find the
 > reason.
 > 
 > I blame myself.
 > 
 > oh dear. I guess I have to fix something. Now if only I'd know what other 
 > value I should add.
 > 
 > This thread is quite an eye-opener for me, so could we settle on something? 
 > As far as I see it
 > the thing might never go RFC and stay in an endless draft-update-loop. So.
 > What was the last draft version that actually changed something? 05?

The one thing that bothers me is that I started my implementation of
of draft 6 or 7, and there was no mention of using a hash of the
draft, just RFC XXXX to be replaced the actual number. So all of a
sudden, we are using drafts that shouldn't be used as any kind of
standard. No big deal, but maybe that language should not have been
removed from the later drafts.

Also, it seems to be kind of anti-interoperability to work that way,
i.e. only accepting a certain draft. Ideally, this will be an RFC
sometime soon, and we won't have to worry about it. If not, we need to
decide here and now what to use. And to encourage vendors to keep
their code to the latest draft to cut down on interop problem.

As I see it we have 3 choices for vendor id
1)"draft-ietf-ipsec-nat-t-ike-02" - 
["90cb8091 3ebb696e 086381b5 ec427b1f"])"

Windows clients will dominate this space. We should probably make sure
that we work with windows, although I am not too sure how compatible
draft 2 is with draft 8

2)md5("draft-ietf-ipsec-nat-t-ike-05") or
  md5("draft-ietf-ipsec-nat-t-ike-08")

that would seem to be logical for anyone who's implementation is up to
date with the spec

3) md5("RFC XXXX") for the overly literal (myself :) ) or perhaps
something different?

md5("RFC NATT") for example.


If we can't agree now, we will all have to have a fairly large table
of every vendor id that we think works....

chris stillson
IPSEC crypto monkey
x82477

Note: Preceding comments written by an engineer. There is nothing
to read into them. He really has no hidden motives or agendas.

1.Right Understanding 2.Right Thoughts 3.Right Speech 4.Right Action 
5.Right Livelihood 6.Right Effort 7.Right Mindfulness 8.Right Concentration 
--Please inform author if he has forgotten about any of these

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec