Re: clarification
Henry Spencer <henry@spsystems.net> Wed, 18 March 1998 12:11 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id HAA25937 for ipsec-outgoing; Wed, 18 Mar 1998 07:11:56 -0500 (EST)
Date: Tue, 17 Mar 1998 22:00:45 -0500
From: Henry Spencer <henry@spsystems.net>
To: Charles Lynn <clynn@bbn.com>
cc: ipsec@tis.com
Subject: Re: clarification
In-Reply-To: <199803172252.RAA04389@relay.rv.tis.com>
Message-ID: <Pine.BSI.3.91.980317214840.24160A-100000@spsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
> > opaque has been removed so that freedom is no longer possible.
> "Opaque" is still a SHOULD, so the correct statement is...

Besides, even if "opaque" *had* been removed, that part of the draft is
quite clear that it is specifying *minimum* functionality... so an
implementation which feels that it has a need for extra power in its SPD
can always provide it.

> I have also heard the opaque should be defined...

Agreed; context tends to make its meaning clear, but that's not a good
substitute for an explicit definition.

> However, the IPSec DOI does not currently specify a way to express
> OPAQUE (maybe one could define 65535 to mean OPAQUE port and 255 to
> mean OPAQUE protocol), so there is an inconsistency here that should
> be addressed.

I don't understand the inconsistency.  How "opaque" is expressed in
databases and/or data structures within an IPSEC implementation is an
implementation issue.  "Opaque" is not an actual port/protocol value --
it never appears in a packet on the wire -- so there is no need for the
RFCs to tell you how to express it.  The only fact that needs to be
pinned down is that it must compare unequal to any actual value (which
means that it can't be 65535, unless it is illegal for a TCP/UDP
implementation to use 65535 as a real port number, and I don't recall
that being the case).

Henry Spencer
henry@spsystems.net
(henry@zoo.toronto.edu)
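
An added illustration of the last point in the message above (not code from the message, the drafts, or any IPsec implementation): an SPD port selector that reuses 65535 as "opaque" collides with a real port 65535, while an out-of-band tag compares unequal to every wire value. All type and function names are hypothetical, and treating "opaque" as applying to packets whose port field cannot be read is an assumption of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types for illustration; not taken from any real stack. */
enum sel_kind { SEL_VALUE, SEL_OPAQUE };

struct port_sel {            /* policy side (one SPD selector field) */
    enum sel_kind kind;      /* out-of-band tag, never read from the wire */
    uint16_t      port;      /* meaningful only when kind == SEL_VALUE */
};

struct pkt_port {            /* what the classifier saw in a packet */
    bool     visible;        /* false: port field could not be read */
    uint16_t port;
};

/* Tagged comparison: SEL_OPAQUE is unequal to all 65536 real ports. */
static bool sel_match(struct port_sel s, struct pkt_port p)
{
    if (s.kind == SEL_OPAQUE)
        return !p.visible;
    return p.visible && p.port == s.port;
}

#define INBAND_OPAQUE 65535u /* the in-band encoding floated in the quote */

/* In-band comparison: the policy field is a bare uint16_t, so "opaque"
 * and "port 65535" are the same bit pattern and cannot be told apart. */
static bool inband_match(uint16_t policy_port, struct pkt_port p)
{
    uint16_t seen = p.visible ? p.port : INBAND_OPAQUE;
    return seen == policy_port;
}

int main(void)
{
    /* Constructed sample packets. */
    struct pkt_port real_65535 = { true, 65535 };
    struct pkt_port hidden     = { false, 0 };
    struct port_sel opaque     = { SEL_OPAQUE, 0 };

    printf("in-band: opaque policy vs real port 65535 -> %d\n",
           inband_match(INBAND_OPAQUE, real_65535));
    printf("tagged:  opaque policy vs real port 65535 -> %d\n",
           sel_match(opaque, real_65535));
    printf("tagged:  opaque policy vs hidden port     -> %d\n",
           sel_match(opaque, hidden));
    return 0;
}
```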