
Re: [IPSECKEY] Security Considerations (pass 2)



At Mon, 26 May 2003 10:20:45 +0200, Jean-Jacques Puig wrote:
> 
> That's a good question. Besides, on the server side, section 3.1 mandates:
> 
> If no gateway is to be indicated, then the gateway type field MUST be
> zero, and the gateway type MUST be "."
> 
> BTW, s/gateway type/gateway field/ ?

The second one, yes ('the gateway type MUST be "."'), good catch.

> 
> Is there a particular difference between the following 2 cases?
> 
> - No gateway (type=0 gateway=".")
> - The gateway is the same as the RR owner (ex: type=1
>   gateway=192.0.2.38)
> 
> I would take type=0 as a clue that the host will accept transport mode
> SA, and (type != 0 && address == RR_owner) as a clue that the host will
> take only tunnel mode proposals. Is it the original intent ?

Michael will have to speak to intent, but I didn't read it that way.
I read the two cases as semantically equivalent, and had assumed that
the choice of tunnel vs transport mode was something to be negotiated
by the parties involved.

We probably need a sentence in the draft to clarify this, one way or
the other.
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.