
Re: IKE V2 Open Issues



At 3:24 PM -0400 4/11/03, Theodore Ts'o wrote:
Barbara and I believe that the list of algorithms and numbers which is
used to seed the IANA registry should stay in the ikev2 document:

   For Transform Type 1 (Encryption Algorithm), defined Transform IDs
   are:

          Name                     Number           Defined In
          RESERVED                    0
          ENCR_DES_IV64               1              (RFC1827)
          ENCR_DES                    2              (RFC2405)
          ENCR_3DES                   3              (RFC2451)
          ENCR_RC5                    4              (RFC2451)
          ENCR_IDEA                   5              (RFC2451)
		...

The reasoning is that there are other assigned numbers in the ikev2
document, and keeping the initial list in the ikev2 specs will be more
convenient for implementors.

None of the "other assigned numbers" are dealt with in Jeff's document; these are.


Implementers *have* to read both documents. They cannot implement the mandatory algorithms without reading Jeff's document. Thus, having the algorithm identifiers in the same document as the explanations of what is mandatory makes more sense than putting the numeric values in one document and the protocol description of the values (what is mandatory and what is not) in a different document.

  As with all of the other initial
assigned number lists, the list kept by the IANA can be extended in
the future without needing to revise the ikev2 document.

Assuming everything goes cleanly, that's correct. VPN vendors have seen this not go cleanly. If we choose to change the mandatory or suggested values in Jeff's document to something that is not in the base document, we'll then have numbers in *both* documents in the future; that's a mess. If we start off with all of the initial registries in Jeff's document, revising Jeff's document will be cleaner.


--Paul Hoffman, Director
--VPN Consortium