Re: doi-07/interoperability questions

"C. Harald Koch" <chk@utcc.utoronto.ca> Tue, 10 March 1998 23:07 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id SAA13244 for ipsec-outgoing; Tue, 10 Mar 1998 18:07:57 -0500 (EST)
Message-Id: <98Mar10.182152est.11654@janus.tor.securecomputing.com>
To: ben@Ascend.COM
cc: "Derrell D. Piper" <ddp@network-alchemy.com>, ipsec@tis.com
Subject: Re: doi-07/interoperability questions
References: <199803101550.KAA08137@carp.morningstar.com> <199803101927.LAA06845@drawbridge.ascend.com> <199803101941.OAA08443@carp.morningstar.com>
In-reply-to: ben's message of "Tue, 10 Mar 1998 14:41:39 -0500". <199803101941.OAA08443@carp.morningstar.com>
From: "C. Harald Koch" <chk@utcc.utoronto.ca>
X-uri: <URL:http://chk.home.ml.org/>
Date: Tue, 10 Mar 1998 18:20:38 -0500
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

In message <199803101941.OAA08443@carp.morningstar.com>, Ben Rogers writes:
> 
> I'm not complaining about the current draft.  In fact, I have
> implemented it.  However, I found that sending either an AH-MD5 or an
> AH-SHA1 with the corresponding HMAC-MD5 or HMAC-SHA1 attribute was
> not accepted by many implementations, and only 3 or 4 others actually
> sent these transform payloads with the correct auth attribute.

I saw this too. In fact, we had to relax our policy configuration code to
interoperate with several other vendors for this exact reason. I agree with
Derrell that the standard is explicit on this. However, many vendors are
getting it wrong...

-- 
Harald