
List:       ipsec
Subject:    Re: [Ipsec] IKEV2 questions
From:       Tero Kivinen <kivinen () iki ! fi>
Date:       2005-03-11 18:17:21
Message-ID: 16945.57521.724349.384974 () fireball ! kivinen ! iki ! fi

Saroop Mathur writes:
> Agreed that 0 should not have been defined as a transform value for
> ESN. But ID-0 does not mean Optional for other transform types. ID-0 is
> a reserved value for most transform types and cannot be sent in a SA
> proposal.

Actually not so. ID=0 is reserved in Encryption Algorithm and
Pseudo-random Function. ID=0 is NONE for Integrity Algorithm
and Diffie-Hellman Group. And if the only value you would be sending would
be NONE, then you are allowed to leave out the whole transform type
(3.3.3, last sentence).

As ID=0 is not NONE but "No Extended Sequence Numbers" in the Extended
Sequence Numbers transform type, it causes confusion when combined with
3.3.3.3. My recommendation is that we modify 3.3.2 by removing the

"If Transform Type 5 is not included in a proposal, use of
Extended Sequence Numbers is assumed."

and also modifying the Transform type values table to say

"Extended Sequence Numbers (ESN) 5  (AH and ESP)"

and also modifying the 3.3.3 so that we move ESN from Optional Types
to Mandatory Types for ESP and AH.
-- 
kivinen@safenet-inc.com

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
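The transform encoding and the per-type meaning of Transform ID 0 discussed in the message above, as an added worked example; this is not code from the thread or from any IKEv2 implementation. It assumes the IKEv2 Transform substructure layout (0/3 octet, RESERVED, Length, Type, RESERVED, Transform ID, i.e. 8 octets with no attributes) and uses constructed sample transform IDs; the helper names (`encode_transforms`, `decode_transforms`, `offered_ids`, `esn_choices`) are hypothetical. `esn_choices` shows the confusion the message describes: with the "ESN assumed if Type 5 is absent" sentence in force, leaving the ESN type out and sending ESN ID 0 produce opposite results, unlike INTEG and D-H where an absent type and ID 0 both mean NONE.

```python
import struct

# IKEv2 Transform Type numbers referenced in the message (IKEv2 draft / RFC 4306, section 3.3.2).
ENCR, PRF, INTEG, DH, ESN = 1, 2, 3, 4, 5
TYPE_NAMES = {ENCR: "ENCR", PRF: "PRF", INTEG: "INTEG", DH: "D-H", ESN: "ESN"}

# Meaning of Transform ID 0 per type, as laid out in the message above.
ID0_RESERVED = {ENCR, PRF}   # ID 0 must never be sent
ID0_IS_NONE = {INTEG, DH}    # ID 0 means NONE; a type whose only value is NONE may be omitted
# For ESN, ID 0 is "No Extended Sequence Numbers": a real choice, not NONE.

# Transform substructure: 0/3, RESERVED, Transform Length, Transform Type, RESERVED, Transform ID.
TRANSFORM_FMT = "!BBHBBH"
TRANSFORM_LEN = struct.calcsize(TRANSFORM_FMT)  # 8 octets when no attributes follow


def check_transform(ttype, tid):
    """Reject Transform ID 0 where it is reserved (ENCR, PRF)."""
    if ttype in ID0_RESERVED and tid == 0:
        raise ValueError("Transform ID 0 is reserved for %s" % TYPE_NAMES.get(ttype, ttype))


def encode_transforms(transforms):
    """Encode (type, id) pairs as a chain of attribute-less Transform substructures."""
    out = bytearray()
    for i, (ttype, tid) in enumerate(transforms):
        check_transform(ttype, tid)
        more = 3 if i < len(transforms) - 1 else 0  # 3: another transform follows, 0: last one
        out += struct.pack(TRANSFORM_FMT, more, 0, TRANSFORM_LEN, ttype, 0, tid)
    return bytes(out)


def decode_transforms(data):
    """Parse a transform chain back into (type, id) pairs, rejecting malformed length/flag fields."""
    transforms, off = [], 0
    while True:
        if len(data) - off < TRANSFORM_LEN:
            raise ValueError("truncated transform substructure at offset %d" % off)
        more, _, length, ttype, _, tid = struct.unpack_from(TRANSFORM_FMT, data, off)
        if length < TRANSFORM_LEN or off + length > len(data):
            raise ValueError("bad transform length %d" % length)
        check_transform(ttype, tid)
        transforms.append((ttype, tid))
        off += length  # skip any attributes; they are not interpreted here
        if more == 0:
            break
        if more != 3:
            raise ValueError("bad 0/3 octet %d" % more)
    if off != len(data):
        raise ValueError("trailing bytes after last transform")
    return transforms


def offered_ids(transforms, ttype):
    """IDs offered for one transform type; an absent INTEG/D-H type reads as {0} (NONE)."""
    ids = {tid for t, tid in transforms if t == ttype}
    if not ids and ttype in ID0_IS_NONE:
        return {0}
    return ids


def esn_choices(transforms, assume_esn_when_absent):
    """Set of ESN settings (True = ESN on) a peer could derive from a proposal.

    assume_esn_when_absent=True models the draft sentence "If Transform Type 5 is not
    included in a proposal, use of Extended Sequence Numbers is assumed": an absent type
    then means ESN on, while an explicit ID 0 means ESN off, so absence and ID 0 do NOT
    coincide as they do for INTEG and D-H.  With False (ESN mandatory for ESP and AH, as
    the message recommends) an absent ESN type is simply an error.
    """
    esn_ids = offered_ids(transforms, ESN)
    if not esn_ids:
        if assume_esn_when_absent:
            return {True}
        raise ValueError("ESN transform type is mandatory but absent")
    unknown = esn_ids - {0, 1}
    if unknown:
        raise ValueError("unknown ESN transform ID(s) %s" % sorted(unknown))
    return {tid == 1 for tid in esn_ids}


if __name__ == "__main__":
    # Constructed sample proposal: ENCR 12 and INTEG 2 are sample IDs, ESN 0 = no ESN.
    wire = encode_transforms([(ENCR, 12), (INTEG, 2), (ESN, 0)])
    print(wire.hex())
    print(decode_transforms(wire))
    print(esn_choices([(ENCR, 12), (INTEG, 2)], assume_esn_when_absent=True))  # {True}
    print(esn_choices([(ENCR, 12), (ESN, 0)], assume_esn_when_absent=True))    # {False}
```

Running it shows the two proposals that differ only in whether ESN ID 0 is present or the ESN type is absent resolving to opposite settings under the "assumed" rule, whereas `offered_ids` returns {0} for an absent INTEG either way; making ESN mandatory (second argument False) removes the ambiguity by turning the absent case into a rejected proposal.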