Re: [IPSECKEY] Security Considerations (pass 2)
At Mon, 26 May 2003 10:20:45 +0200, Jean-Jacques Puig wrote:
>
> That's a good question. Besides, on the server side, section 3.1 mandates:
>
> If no gateway is to be indicated, then the gateway type field MUST be
> zero, and the gateway type MUST be "."
>
> BTW, s/gateway type/gateway field/ ?

The second one, yes ('the gateway type MUST be "."'), good catch.

>
> Is there a particular difference between the following 2 cases ?
>
> - No gateway (type=0 gateway=".")
> - The gateway is the same as the RR owner (ex: type=1
> gateway=192.0.2.38)
>
> I would take type=0 as a clue that the host will accept transport mode
> SA, and (type != 0 && address == RR_owner) as a clue that the host will
> take only tunnel mode proposals. Is it the original intent ?

Michael will have to speak to intent, but I didn't read it that way.
I read the two cases as semantically equivalent, and had assumed that
the choice of tunnel vs transport mode was something to be negotiated
by the parties involved.

We probably need a sentence in the draft to clarify this, one way or
the other.
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.
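
The two cases discussed in this thread, as an added example that is not part of the original message or of the draft: a consistency check for the gateway type / gateway pair that tells "no gateway" apart from "gateway is the RR owner" without deciding tunnel vs transport mode. The function name, return labels and `owner_*` parameters are hypothetical, and gateway type values 2 and 3 are assumed from the published RFC 4025, since the thread only shows 0 and 1.

```python
import ipaddress

# Gateway type values. 0 and 1 appear in the thread; 2 (IPv6) and 3 (domain
# name) are assumed from the published RFC 4025.
GW_NONE, GW_IPV4, GW_IPV6, GW_NAME = 0, 1, 2, 3


def check_gateway(gw_type, gateway, owner_addrs=(), owner_name=None):
    """Classify the gateway type / gateway pair of one IPSECKEY record.

    Returns "no-gateway", "gateway-is-owner" or "remote-gateway" (labels are
    this example's own). Raises ValueError when the pair is inconsistent.
    owner_addrs / owner_name describe the RR owner and come from the caller.
    """
    if gw_type == GW_NONE:
        # Rule quoted from section 3.1: no gateway => type 0 and gateway ".".
        if gateway != ".":
            raise ValueError('gateway type 0 requires gateway "."')
        return "no-gateway"

    if gw_type in (GW_IPV4, GW_IPV6):
        # ip_address() itself raises ValueError on "." or any non-address.
        addr = ipaddress.ip_address(gateway)
        wanted = 4 if gw_type == GW_IPV4 else 6
        if addr.version != wanted:
            raise ValueError(f"gateway type {gw_type} needs an IPv{wanted} address")
        owners = {ipaddress.ip_address(a) for a in owner_addrs}
        return "gateway-is-owner" if addr in owners else "remote-gateway"

    if gw_type == GW_NAME:
        # Strictness choice of this example: "." with a non-zero type is
        # treated as a malformed "no gateway" record, not as the root name.
        if gateway == ".":
            raise ValueError('gateway "." is only valid with gateway type 0')
        same = (owner_name is not None and
                gateway.rstrip(".").lower() == owner_name.rstrip(".").lower())
        return "gateway-is-owner" if same else "remote-gateway"

    raise ValueError(f"unknown gateway type {gw_type}")


if __name__ == "__main__":
    # Constructed inputs mirroring the two cases in the thread.
    print(check_gateway(0, "."))
    print(check_gateway(1, "192.0.2.38", owner_addrs=["192.0.2.38"]))
```

Whether "no-gateway" and "gateway-is-owner" are then handled identically is the open question in the thread; the check only makes the distinction visible to the caller.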