Re: doi-07/interoperability questions

Robert Moskowitz <rgm-sec@htt-consult.com> Tue, 10 March 1998 18:46 UTC

To: ben@Ascend.COM, ipsec@tis.com

At 10:50 AM 3/10/98 -0500, Ben Rogers wrote:

I believe you are talking about where the transforms all end at the same
system, not the case where the transport is end to end and the tunnel is
gateway to gateway.

>My other question centers on the use of Encapsulation Mode attributes in
>combined (AND) proposal transforms.  Namely, it seems obvious that we
>should support the case where both are transport mode (Case 1.3 in
>section 4.5 of arch-sec), and not support the case where both are tunnel
>(probably returning a BAD-PROPOSAL-SYNTAX).  However, I'm not too clear
>as to whether I should support mixed proposals.  My opinion is that it
>makes sense to support AH (transport) and ESP (tunnel) with the
>following encapsulation:
>
>[IP2][AH][ESP][IP1][upper]
>
>and to not support AH (tunnel) and ESP (transport).  Does anyone else
>have any feelings on this matter?  Whatever we choose probably ought to
>be added as clarifying text to [IPDOI].
>
>
>ben
>
>
Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com