IETF Logo Mail Archive

Re: doi-07/interoperability questions

Ben Rogers <ben@Ascend.COM> Tue, 10 March 1998 19:08 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id OAA11563 for ipsec-outgoing; Tue, 10 Mar 1998 14:08:01 -0500 (EST)
Date: Tue, 10 Mar 1998 14:20:47 -0500
Message-Id: <199803101920.OAA08417@carp.morningstar.com>
From: Ben Rogers <ben@Ascend.COM>
To: Robert Moskowitz <rgm-sec@htt-consult.com>
Cc: ipsec@tis.com
Subject: Re: doi-07/interoperability questions
In-Reply-To: <3.0.5.32.19980310135454.00959830@homebase.htt-consult.com>
References: <199803101550.KAA08137@carp.morningstar.com> <3.0.5.32.19980310135454.00959830@homebase.htt-consult.com>
Reply-To: ben@Ascend.COM
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Yes.  In fact, I was thinking specifically about gateway to gateway
configurations using both AH and ESP.

Robert Moskowitz writes:
> At 10:50 AM 3/10/98 -0500, Ben Rogers wrote:
> 
> I believe you are talking about where the transforms all end at the same
> system not the case where the transport is end to end and the tunnel is
> gateway to gateway.
> 
> >My other question centers on the use of Encapsulation Mode attributes in
> >combined (AND) proposal transforms.  Namely, it seems obvious that we
> >should support the case where both are transport mode (Case 1.3 in
> >section 4.5 of arch-sec), and not support the case where both are tunnel
> >(probably returning a BAD-PROPSAL-SYNTAX).  However, I'm not too clear
> >as to whether I should support mixed proposals.  My opinion is that it
> >makes sense to support AH (transport) and ESP (tunnel) with the
> >following encapsulation:
> >
> >[IP2][AH][ESP][IP1][upper]
> >
> >and to not support AH (tunnel) and ESP (transport).  Does anyone else
> >have any feelings on this matter?  Whatever we choose probably ought to
> >be added as clarifying text to [IPDOI].
> >
> >
> >ben
> >
> >
> Robert Moskowitz
> ICSA
> Security Interest EMail: rgm-sec@htt-consult.com

v2.30.2 | Report a Bug | By Email | System Status