
Re: [Ipsec] VID for nat traversal



Chris Stillson writes:
> The one thing that bothers me is that I started my implementation of
> draft 6 or 7, and there was no mention of using a hash of the
> draft, just RFC XXXX to be replaced by the actual number. So all of a
> sudden, we are using drafts that shouldn't be used as any kind of
> standard. No big deal, but maybe that language should not have been
> removed from the later drafts.

The reason why there was no VID was that NOBODY WAS SUPPOSED TO
IMPLEMENT THAT DRAFT. The numbers mentioned in the draft were not yet
officially allocated from the IANA, but were simply the next available
numbers at that time. The numbers WILL change when they are officially
allocated, as those numbers have already been reserved, thus we cannot
use the same numbers.

I made a mistake and added the official numbers and removed the VID
because I thought that this is going to be the last version and it will
be out as an RFC soon, thus we will get the proper VID and official
numbers soon.

That didn't happen, thus this problem came up.

Anyways if you want to implement the NAT-T now, implement it as
specified in the draft-ietf-ipsec-nat-t-ike-03.txt along with the VID
found there, and with the private address space numbers. There should
not be any real changes to the protocol since. The final payload etc
numbers will be different, and the VID will be different, but 03 is
the version you should be using. 

> As I see it we have 3 choices for vendor id
> 1) "draft-ietf-ipsec-nat-t-ike-02" -
> ["90cb8091 3ebb696e 086381b5 ec427b1f"]
> Windows clients will dominate this space. We should probably make sure
> that we work with Windows, although I am not too sure how compatible
> draft 2 is with draft 8

You should also understand 03 VID:

"draft-ietf-ipsec-nat-t-ike-03"
"7d9419a6 5310ca6f 2c179d92 15529d56"

If I remember correctly the protocols are still the same.

> 2) md5("draft-ietf-ipsec-nat-t-ike-05") or
>    md5("draft-ietf-ipsec-nat-t-ike-08")
> that would seem to be logical for anyone whose implementation is up to
> date with the spec

No, you SHOULD NOT use those numbers, nor those drafts as the numbers
currently defined there overlap some other use.

> 3) md5("RFC XXXX") for the overly literal (myself :) ) or perhaps
> something different?

No. Should wait until we really have the RFC number available and
official numbers allocated. It should now be so far in the RFC
process, that it shouldn't take that long anymore. 
-- 
kivinen@safenet-inc.com
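
Added example, not part of the original message and not taken from any IKE implementation: a receiver that walks a chain of ISAKMP payloads, pulls out the Vendor ID bodies, and reports which of the two NAT-T VIDs quoted in this thread the peer sent. The function names and the sample packet bytes are constructed for illustration; the two hex values are the ones quoted above.

```python
import hashlib
import struct

VENDOR_ID = 13  # ISAKMP payload type for Vendor ID (RFC 2408)

# VID values exactly as quoted in the thread (spaces removed).
THREAD_VIDS = {
    bytes.fromhex("90cb80913ebb696e086381b5ec427b1f"): "draft-ietf-ipsec-nat-t-ike-02",
    bytes.fromhex("7d9419a65310ca6f2c179d9215529d56"): "draft-ietf-ipsec-nat-t-ike-03",
}

def vid_for(label: str) -> bytes:
    """VID derived as an MD5 hash of the draft name, as discussed in the thread."""
    return hashlib.md5(label.encode("ascii")).digest()

def vendor_ids(payloads: bytes, first_type: int) -> list:
    """Walk ISAKMP generic payload headers and return every Vendor ID body."""
    found, ptype, off = [], first_type, 0
    while ptype != 0:  # next-payload 0 ends the chain
        if off + 4 > len(payloads):
            raise ValueError("truncated payload header")
        nxt, _reserved, length = struct.unpack_from("!BBH", payloads, off)
        # Length covers the 4-byte header and must stay inside the buffer.
        if length < 4 or off + length > len(payloads):
            raise ValueError("bad payload length")
        if ptype == VENDOR_ID:
            found.append(payloads[off + 4:off + length])
        ptype, off = nxt, off + length
    return found

def natt_drafts(payloads: bytes, first_type: int) -> list:
    """Names of the NAT-T drafts (from THREAD_VIDS) the peer announced."""
    return [THREAD_VIDS[v] for v in vendor_ids(payloads, first_type)
            if v in THREAD_VIDS]

def build_vid(body: bytes, next_type: int) -> bytes:
    """Helper for the constructed sample: one Vendor ID payload."""
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body

# Constructed sample: an unknown vendor's VID followed by the 03 NAT-T VID.
SAMPLE = (build_vid(b"\x00" * 16, VENDOR_ID)
          + build_vid(vid_for("draft-ietf-ipsec-nat-t-ike-03"), 0))

if __name__ == "__main__":
    print(natt_drafts(SAMPLE, VENDOR_ID))
```

Unknown VIDs are skipped rather than rejected, so a peer that sends several Vendor ID payloads is still matched on the one the receiver understands.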
