Re: comments on ...isakmp-mode-cfg-02

"Scott G. Kelly" <skelly@redcreek.com> Wed, 18 March 1998 17:28 UTC

Message-ID: <3510073F.E92CCB2C@redcreek.com>
Date: Wed, 18 Mar 1998 09:41:19 -0800
From: "Scott G. Kelly" <skelly@redcreek.com>
Organization: RedCreek Communications
To: "Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>
CC: ipsec@tis.com
Subject: Re: comments on ...isakmp-mode-cfg-02
References: <199803180036.TAA03135@istari.sandelman.ottawa.on.ca>

Michael C. Richardson wrote:
> 
>   I propose that when it comes to writing up new drafts, we will be writing
> up ISAKMP v1.1. It isn't clear to me what to do when a responder receives
> a packet with a minor version that is *greater* than its own. I think that
> one should turn around and initiate with a packet containing major/minor
> that one can work with. I.e. the initiator's packet is just "lost", but an
> ISAKMP SA is set up.

Yes, this makes sense.

>  [hmm. WAIT:
> 
>  o  Minor Version (4 bits) - indicates the minor version of the ISAKMP
>     protocol in use.  Implementations based on this version of the ISAKMP
>     Internet-Draft MUST set the Minor Version to 0.  Implementations
>                                                 ***
>     based on previous versions of ISAKMP Internet-Drafts MUST set the
>     Minor Version to 1.  Implementations SHOULD never accept packets with
>                     ***
>     a minor version number larger than its own, given the major version
>     numbers are identical.
> 
>   Aren't the 0/1 minor numbers reversed? Previous == 1, current = 0?]
> 

I think so - I sent email to Doug Maughan asking about this just before
v09 was released to the list, but figured either I was missing
something, or that he didn't get the email in time.

>     Scott> something in temporarily, but when you start going to the trouble
>     Scott> of writing drafts, why not design it right?
> 
>   I think we are pretty close.

Yup, and no sense stumbling now...
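
The version check discussed in this thread, as an added example that is not part of the original message or of any ISAKMP implementation: it reads the Major/Minor Version nibbles from the fixed 28-byte ISAKMP header and applies either the draft's "never accept a larger minor" rule or the proposed "drop and re-initiate" behaviour. The function names, the `Action` values, the `reinitiate_on_newer_minor` switch and the rejection of a differing major version are assumptions made for illustration; the sample packets are constructed.

```python
import struct
from enum import Enum

# Fixed ISAKMP header: initiator cookie, responder cookie, next payload,
# version (major nibble | minor nibble), exchange type, flags, message ID, length.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # 28 bytes, network byte order


class Action(Enum):  # hypothetical outcome names
    ACCEPT = "accept"
    REJECT_MAJOR = "reject: major version differs"
    REJECT_MINOR = "reject: peer minor version larger than ours"
    REINITIATE = "drop packet, initiate with our own major/minor"


def parse_version(packet):
    """Return (major, minor) from a raw ISAKMP packet, validating the header."""
    if len(packet) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    fields = ISAKMP_HDR.unpack_from(packet)
    version, length = fields[3], fields[7]
    if length < ISAKMP_HDR.size or length > len(packet):
        raise ValueError("ISAKMP length field inconsistent with datagram")
    return version >> 4, version & 0x0F


def decide(packet, own_major, own_minor, reinitiate_on_newer_minor=False):
    """Apply the minor-version rule quoted in the thread.

    Default: refuse a larger minor version when majors are identical.
    With reinitiate_on_newer_minor=True: the thread's proposal instead.
    """
    major, minor = parse_version(packet)
    if major != own_major:  # assumption: the thread does not cover this case
        return Action.REJECT_MAJOR
    if minor > own_minor:
        return Action.REINITIATE if reinitiate_on_newer_minor else Action.REJECT_MINOR
    return Action.ACCEPT


def build_header(major, minor, payload=b""):
    """Constructed sample packet: fixed cookies, SA next-payload, exchange type 2."""
    version = ((major & 0x0F) << 4) | (minor & 0x0F)
    total = ISAKMP_HDR.size + len(payload)
    return ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, version, 2, 0, 0, total) + payload


if __name__ == "__main__":
    pkt = build_header(1, 1)
    print(decide(pkt, own_major=1, own_minor=0))
    print(decide(pkt, own_major=1, own_minor=0, reinitiate_on_newer_minor=True))
```

Because the local version is a parameter, the check behaves the same whichever way the 0/1 minor numbering questioned above is finally assigned.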