
Re: [Ipsec] VID for nat traversal



At 12:27 27.04.2004 -0700, Chris Stillson wrote:
[snip]

>As I see it we have 3 choices for vendor id
>1)"draft-ietf-ipsec-nat-t-ike-02" -
>["90cb8091 3ebb696e 086381b5 ec427b1f"])"
>
>Windows clients will dominate this space. We should probably make sure
>that we work with windows, although I am not too sure how compatible
>draft 2 is with draft 8
>
>2)md5("draft-ietf-ipsec-nat-t-ike-05") or
>   md5("draft-ietf-ipsec-nat-t-ike-08")
>
>that would seem to be logical for anyone whose implementation is up to
>date with the spec
>
>3) md5("RFC XXXX") for the overly literal (myself :) ) or perhaps
>something different?
>
>md5("RFC NATT") for example.
>
>
>If we can't agree now, we will all have to have a fairly large table
>of every vendor id that we think works....
>
>chris stillson
>IPSEC crypto monkey
>x82477
>
>Note: Preceding comments written by an engineer. There is nothing
>to read into them. He really has no hidden motives or agendas.
>
>1.Right Understanding 2.Right Thoughts 3.Right Speech 4.Right Action
>5.Right Livelihood 6.Right Effort 7.Right Mindfulness 8.Right Concentration
>--Please inform author if he has forgotten about any of these
>
>_______________________________________________
>Ipsec mailing list
>Ipsec@ietf.org
>https://www1.ietf.org/mailman/listinfo/ipsec

overview:

-00

initial release
does not float to port 4500, ESP uses port 500 as well
one OA payload
NAT-D 130, NAT-OA 131, UDP-Tunnel 61443, UDP-Transport 61443
VID: MD5 hash of "draft-ietf-ipsec-nat-t-ike-00" - ["4485152d 18b6bbcd 0be8a846 9579ddcc"]

-01

editorial changes to -00
VID: MD5 hash of "draft-ietf-ipsec-nat-t-ike-00" - ["4485152d 18b6bbcd 0be8a846 9579ddcc"] (sic!)

-02

floats to port 4500
one OA payload
NAT-D 130, NAT-OA 131, UDP-Tunnel 61443, UDP-Transport 61443
VID: MD5 hash of "draft-ietf-ipsec-nat-t-ike-02" - ["90cb8091 3ebb696e 086381b5 ec427b1f"]

-03

same as -02, repost, VID changes.
VID: MD5 hash of "draft-ietf-ipsec-nat-t-ike-03" - ["7d9419a6 5310ca6f 2c179d92 15529d56"]

-04

floats to port 4500
one OA payload
NAT-D 15, NAT-OA 16, UDP-Tunnel 3, UDP-Transport 4
VID of unknown value

-05

floats to port 4500
two OA payloads
NAT-D 15, NAT-OA 16, UDP-Tunnel 3, UDP-Transport 4
VID of unknown value

-06, -07, -08

I have read them and found only editorial changes.

Your plan
>1)"draft-ietf-ipsec-nat-t-ike-02" -
>["90cb8091 3ebb696e 086381b5 ec427b1f"])"
can't work, as draft -02 is not compatible with drafts -04 and higher at all.
Assuming you implement the -08.

>md5("draft-ietf-ipsec-nat-t-ike-08")
will be a problem after 10 July 2004 when -09 will be released, as a repost.
Then people with md5("draft-ietf-ipsec-nat-t-ike-09") won't interoperate with your md5("draft-ietf-ipsec-nat-t-ike-08").

md5("draft-ietf-ipsec-nat-t-ike-05") seems practical to me, but not "good".
I will include that in our product anyway. I still hate myself for the ".txt" incident.
For the record, that'd be 80d0bb3def54565ee84645d4c85ce3ee

md5("RFC NATT"). I like that one. Or md5("RFC NAT-T"). Or md5("draft-ietf-ipsec-nat-t-ike").
Will be a big problem if somebody DOES change the draft again, obviously.

Jörn Sierwald
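
The vendor ID table both messages describe, as an added example that is not part of the original thread or of any product's code: it hashes the draft strings, resolves a received VID to a revision, and checks whether that revision shares wire parameters with the local one. The function names, the strict all-parameters-equal compatibility rule, and the acceptance of a trailing-newline variant of each string are assumptions of this sketch.

```python
import hashlib

PREFIX = "draft-ietf-ipsec-nat-t-ike-"

# Per-revision wire parameters, transcribed from the overview in the message:
# (floats to UDP 4500, NAT-D payload type, NAT-OA payload type, OA payload count)
PARAMS = {
    "00": (False, 130, 131, 1),
    "02": (True, 130, 131, 1),
    "03": (True, 130, 131, 1),
    "04": (True, 15, 16, 1),
    "05": (True, 15, 16, 2),
}
# Revisions the overview describes as editorial-only relative to -05.
# (-01 is omitted: per the message it sends the -00 VID.)
SAME_AS = {"06": "05", "07": "05", "08": "05"}

def vid(text: str) -> bytes:
    """Vendor ID payload body: MD5 over the identifying string."""
    return hashlib.md5(text.encode("ascii")).digest()

def build_table() -> dict:
    """Map every VID we are prepared to recognise to a canonical revision."""
    table = {}
    for rev in list(PARAMS) + list(SAME_AS):
        canon = SAME_AS.get(rev, rev)
        # Assumption: some peers hashed the string with a trailing newline,
        # so both forms are accepted.
        for text in (PREFIX + rev, PREFIX + rev + "\n"):
            table[vid(text)] = canon
    return table

TABLE = build_table()

def identify(vid_hex: str):
    """Return the canonical revision for a received VID, or None if unknown."""
    try:
        raw = bytes.fromhex(vid_hex.replace(" ", ""))
    except ValueError:
        return None
    return TABLE.get(raw)

def interoperable(local_rev: str, peer_vid_hex: str) -> bool:
    """Assumed rule: peers interoperate only if all listed parameters match."""
    peer = identify(peer_vid_hex)
    local = SAME_AS.get(local_rev, local_rev)
    return peer is not None and PARAMS[peer] == PARAMS[local]

if __name__ == "__main__":
    for sample in ("80d0bb3def54565ee84645d4c85ce3ee",
                   "4485152d 18b6bbcd 0be8a846 9579ddcc"):
        print(sample, "->", identify(sample), interoperable("08", sample))
```
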




