Re: doi-07/interoperability questions

"Eric L. Wong" <ewong@zk3.dec.com> Tue, 10 March 1998 21:46 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id QAA12679 for ipsec-outgoing; Tue, 10 Mar 1998 16:46:59 -0500 (EST)
Message-Id: <3505B97B.E28DAEF4@zk3.dec.com>
Date: Tue, 10 Mar 1998 17:06:51 -0500
From: "Eric L. Wong" <ewong@zk3.dec.com>
X-Mailer: Mozilla 4.04 [en] (Win95; I)
Mime-Version: 1.0
To: Ben Rogers <ben@Ascend.COM>
Cc: Robert Moskowitz <rgm-sec@htt-consult.com>, ipsec@tis.com
Subject: Re: doi-07/interoperability questions
References: <199803101550.KAA08137@carp.morningstar.com> <3.0.5.32.19980310135454.00959830@homebase.htt-consult.com> <199803101920.OAA08417@carp.morningstar.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Sounds to me you are suggesting the following changes to the arch spec
in section 4.5 Case 1. 
] 
]                   Transport                  Tunnel
]              -----------------          ---------------------
]              1. [IP1][AH][upper]        4. [IP2][AH][IP1][upper]
]              2. [IP1][ESP][upper]       5. [IP2][ESP][IP1][upper]
]              3. [IP1][AH][ESP][upper]
] 

                  Transport                     Tunnel
             -----------------             ---------------------
             1. [IP1][AH][upper]   (remove)4. [IP2][AH][IP1][upper]
     (remove)2. [IP1][ESP][upper]          5. [IP2][ESP][IP1][upper]
             3. [IP1][AH][ESP][upper] (add)6. [IP2][AH][ESP][IP1][upper]

Is this correct?

I think it is ok to remove 4, it really doesn't buy you much.  
I think we should keep 2.  This new one for tunnel mode seems
to make sense.  Now, should we restrict 6 to just gateway-to-
gateway?

/eric

Ben Rogers wrote:
> 
> Yes.  In fact, I was thinking specifically about gateway to gateway
> configurations using both AH and ESP.
> 
> Robert Moskowitz writes:
> > At 10:50 AM 3/10/98 -0500, Ben Rogers wrote:
> >
> > I believe you are talking about where the transforms all end at the same
> > system not the case where the transport is end to end and the tunnel is
> > gateway to gateway.
> >
> > >My other question centers on the use of Encapsulation Mode attributes in
> > >combined (AND) proposal transforms.  Namely, it seems obvious that we
> > >should support the case where both are transport mode (Case 1.3 in
> > >section 4.5 of arch-sec), and not support the case where both are tunnel
> > >(probably returning a BAD-PROPOSAL-SYNTAX).  However, I'm not too clear
> > >as to whether I should support mixed proposals.  My opinion is that it
> > >makes sense to support AH (transport) and ESP (tunnel) with the
> > >following encapsulation:
> > >
> > >[IP2][AH][ESP][IP1][upper]
> > >
> > >and to not support AH (tunnel) and ESP (transport).  Does anyone else
> > >have any feelings on this matter?  Whatever we choose probably ought to
> > >be added as clarifying text to [IPDOI].
> > >
> > >
> > >ben
> > >
> > >
> > Robert Moskowitz
> > ICSA
> > Security Interest EMail: rgm-sec@htt-consult.com
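The header layouts in the table above and Ben's four AND-proposal combinations follow from two placement rules: transport mode inserts AH or ESP directly after the existing IP header, and tunnel mode prepends a new outer IP header. The model below is an added example, not code from the IPsec working group or any implementation; it assumes the usual application order (ESP applied innermost, AH outermost, which is what every case in the table shows) and encodes Eric's amended table (case 4 removed, case 2 kept, case 6 added) as the set of supported layouts, so the four mode combinations of an AND proposal can be derived and checked rather than enumerated by hand.

```python
"""Model of the AH/ESP header layouts discussed for arch-sec section 4.5 Case 1.

Added example, not code from the IPsec WG or any implementation. Header
labels (IP1, IP2, AH, ESP, upper) follow the thread's notation. Assumed:
SAs are applied innermost first, with ESP before AH.
"""
from typing import List, Optional, Tuple

Header = str
SA = Tuple[str, str]  # (protocol, mode): ("AH"|"ESP", "transport"|"tunnel")


def apply_sa(packet: List[Header], proto: str, mode: str) -> List[Header]:
    """Apply one SA to a packet given as a header list, outermost first."""
    if proto not in ("AH", "ESP"):
        raise ValueError(f"unknown protocol {proto!r}")
    if mode == "transport":
        # Transport mode protects the payload of the existing outer IP
        # header, so the AH/ESP header is inserted directly after it.
        return [packet[0], proto] + packet[1:]
    if mode == "tunnel":
        # Tunnel mode protects the whole packet, IP header included, so a
        # new outer IP header is prepended. Outer headers are numbered
        # IP1, IP2, ... in order of encapsulation.
        outer = "IP%d" % (1 + sum(h.startswith("IP") for h in packet))
        return [outer, proto] + packet
    raise ValueError(f"unknown mode {mode!r}")


def bundle(sas: List[SA]) -> List[Header]:
    """Apply SAs in order (innermost first) to a plain [IP1][upper] packet."""
    packet: List[Header] = ["IP1", "upper"]
    for proto, mode in sas:
        packet = apply_sa(packet, proto, mode)
    return packet


def render(packet: List[Header]) -> str:
    """Render a header list in the thread's [IP1][AH][upper] notation."""
    return "".join(f"[{h}]" for h in packet)


# Eric's amended table: case 4 removed, case 2 kept, case 6 added.
SUPPORTED_CASES = {
    1: "[IP1][AH][upper]",
    2: "[IP1][ESP][upper]",
    3: "[IP1][AH][ESP][upper]",
    5: "[IP2][ESP][IP1][upper]",
    6: "[IP2][AH][ESP][IP1][upper]",
}
REMOVED_CASES = {4: "[IP2][AH][IP1][upper]"}


def classify(packet: List[Header]) -> Optional[int]:
    """Return the case number from the table for a layout, or None."""
    layout = render(packet)
    for num, known in {**SUPPORTED_CASES, **REMOVED_CASES}.items():
        if known == layout:
            return num
    return None


def evaluate_proposal(ah_mode: str, esp_mode: str) -> Tuple[str, bool]:
    """Decide an AND proposal of AH and ESP with the given Encapsulation
    Mode attributes. ESP is applied first (innermost), AH outermost.
    Returns the resulting layout and whether it is a supported case."""
    packet = bundle([("ESP", esp_mode), ("AH", ah_mode)])
    return render(packet), classify(packet) in SUPPORTED_CASES


if __name__ == "__main__":
    for ah_mode in ("transport", "tunnel"):
        for esp_mode in ("transport", "tunnel"):
            layout, ok = evaluate_proposal(ah_mode, esp_mode)
            verdict = "supported" if ok else "reject (BAD-PROPOSAL-SYNTAX)"
            print(f"AH {ah_mode:9} + ESP {esp_mode:9}: {layout:34} {verdict}")
```

Running it reproduces Ben's split: both transport gives case 3, AH transport with ESP tunnel gives the new case 6 ([IP2][AH][ESP][IP1][upper]), while AH tunnel with ESP transport yields [IP2][AH][IP1][ESP][upper] and both tunnel yields a three-IP-header stack, neither of which appears in the table.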