Re: doi-07/interoperability questions
Ben Rogers <ben@Ascend.COM> Tue, 10 March 1998 22:13 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id RAA12922 for ipsec-outgoing; Tue, 10 Mar 1998 17:13:00 -0500 (EST)
Date: Tue, 10 Mar 1998 17:23:44 -0500
Message-Id: <199803102223.RAA09766@carp.morningstar.com>
From: Ben Rogers <ben@Ascend.COM>
To: "Eric L. Wong" <ewong@zk3.dec.com>
Cc: Robert Moskowitz <rgm-sec@htt-consult.com>, ipsec@tis.com
Subject: Re: doi-07/interoperability questions
In-Reply-To: <3505B97B.E28DAEF4@zk3.dec.com>
References: <199803101550.KAA08137@carp.morningstar.com> <3.0.5.32.19980310135454.00959830@homebase.htt-consult.com> <199803101920.OAA08417@carp.morningstar.com> <3505B97B.E28DAEF4@zk3.dec.com>
Reply-To: ben@Ascend.COM
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Eric L. Wong writes:
> Sounds to me you are suggesting the following changes to the arch spec
> in section 4.5 Case 1.
> ]
> ]         Transport                  Tunnel
> ]     -----------------         ---------------------
> ]     1. [IP1][AH][upper]       4. [IP2][AH][IP1][upper]
> ]     2. [IP1][ESP][upper]      5. [IP2][ESP][IP1][upper]
> ]     3. [IP1][AH][ESP][upper]
> ]
>
>              Transport                       Tunnel
>          -----------------            ---------------------
>          1. [IP1][AH][upper]       (remove)4. [IP2][AH][IP1][upper]
>  (remove)2. [IP1][ESP][upper]              5. [IP2][ESP][IP1][upper]
>          3. [IP1][AH][ESP][upper]     (add)6. [IP2][AH][ESP][IP1][upper]
>
> Is this correct?

Nope.  All I'm suggesting is that we have a way to negotiate 5 followed
by 1 in ISAKMP.  The net result being:

    [IP1][upper]
    [IP2][ESP][IP1][upper]
    [IP2][AH][ESP][IP1][upper]

I used to think that 6 was necessary, but was convinced this was not a
valid combination by Stephen Kent at the December IETF (AH is no longer
in tunnel mode).  You can, however, emulate it using the 5+1
combination.  This was what I was suggesting in the AH (transport) + ESP
(tunnel) proposal.

ben