Re: draft-ietf-ipsec-ike-ext-meth-01.txt
Tero Kivinen <kivinen@ssh.fi> Tue, 06 July 1999 19:21 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA23880; Tue, 6 Jul 1999 12:21:46 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id NAA08902 Tue, 6 Jul 1999 13:39:33 -0400 (EDT)
Date: Tue, 06 Jul 1999 20:39:27 +0300
Message-Id: <199907061739.UAA26678@torni.ssh.fi>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
From: Tero Kivinen <kivinen@ssh.fi>
To: Valery Smyslov <svan@trustworks.com>
Cc: ipsec@lists.tislabs.com
Subject: Re: draft-ietf-ipsec-ike-ext-meth-01.txt
In-Reply-To: <199907050722.LAA20287@relay1.trustworks.com>
References: <199906281236.QAA03140@relay1.trustworks.com> <199907040311.GAA19614@torni.ssh.fi> <199907050722.LAA20287@relay1.trustworks.com>
X-Mailer: VM 6.34 under Emacs 19.34.2
Organization: SSH Communications Security Oy
X-Edit-Time: 7 min
X-Total-Time: 6 min
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Valery Smyslov writes: > Yes, but KE protocol is currently encoded not in Proposal ID (that, > right, must be only one within SA payload and must be equal > PROTO_ISAKMP), but in Transform ID. It is absolutely legal to have > multiple transforms with (possibly) different IDs within that single > proposal payload. Currently only KEY_IKE is defined, but things might True, I mixed PROTO_ISAKMP with KEY_IKE. > > There might be limitiations in mixing the version numbers, but in > > general I would say they it should be allowed. If we redefine SKEYID ... > Doesn't this complicates processing a lot? No, I don't think so. > Sometimes you allow different versions, sometimes - not. What are > the reasons for mixing versions in phase 1 and 2? I can start with old version of ISAKMP packet format and finish Phase 1 with that, but during that time I can find out from the vendor-id or something that yes the other end supports ISAKMP 1.1 which is needed to do some special exchanges, so I can switch to use ISAKMP 1.1 packet format for later exchanges. The reason I want to start with 1.0 instead of 1.1, might be that the other end might just drop all packets whose version number is not 1.0. -- kivinen@iki.fi Work : +358-9-4354 3218 SSH Communications Security http://www.ssh.fi/ SSH IPSEC Toolkit http://www.ssh.fi/ipsec/
- draft-ietf-ipsec-ike-ext-meth-01.txt Valery Smyslov
- draft-ietf-ipsec-ike-ext-meth-01.txt Tero Kivinen
- Re: draft-ietf-ipsec-ike-ext-meth-01.txt Valery Smyslov
- Re: draft-ietf-ipsec-ike-ext-meth-01.txt Tero Kivinen
- Re: draft-ietf-ipsec-ike-ext-meth-01.txt Valery Smyslov
- Re: draft-ietf-ipsec-ike-ext-meth-01.txt Tero Kivinen