[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ipsec] VID for nat traversal
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Chris" == Chris Stillson <Chris.Stillson@eng.sun.com> writes:
Chris> As I see it we have 3 choices for vendor id
Chris> 1)"draft-ietf-ipsec-nat-t-ike-02" - ["90cb8091 3ebb696e
Chris> 086381b5 ec427b1f"])"
It is my understanding that an implementation of -02 will interop with
anything larger, so one should use the above until RFC time.
-00/-01 is a different story.
This is what Openswan does.
Chris> Windows clients will dominate this space. We should probably
Chris> make sure that we work with windows, although I am not too
Chris> sure how compatible draft 2 is with draft 8
We interop with windows clients all the time. We have seen them all
send the -02 VID. I don't know if there is newer code for any of them.
Chris> 2)md5("draft-ietf-ipsec-nat-t-ike-05") or
Chris> md5("draft-ietf-ipsec-nat-t-ike-08")
Chris> that would seem to be logical for anyone who's implementation
Chris> is up to date with the spec
I guess I should diff the specs.
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQI7LJoqHRg3pndX9AQE6sQP/V8lx5/bD32Oo4iF4RSs6sNczAPtASDB6
GgwTJdFqkSHNXCo0Fkiq3S/8x58xEUW+fZNcTPt/RcHJi+on5IQp+oINEWukmZqK
z+c3W28zoVRj/5NOjZqqeiPusEA1Y20qpuFKjjzmS953TZb6hYt/dzVJNqi5zPUw
KFpHXMOCWR4=
=48I8
-----END PGP SIGNATURE-----
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec