
Re: Reminder: last call for PIC in the IPSRA WG



paul.hoffman@xxxxxxxx (Paul Hoffman / VPNC) writes:
> Hi again. Just a reminder that we are in the middle of the PIC last 
> call in the IPSRA WG. The last call ends at the end of September 
> unless significant changes are needed to the spec.
> 
> It has been pretty quiet here, and maybe that is good.

I was also on vacation (four weeks :>), which somewhat delayed this mail. I
didn't want to start a discussion while people were still in Finland at the
VPN workshop, and I regrettably had to leave the workshop's summary session
before I could poll it locally.

I still personally feel that with the discussion about s-o-IKE, and
_especially_ the discussions regarding aggressive/main(/base) mode in the IPsec
WG, it might be a bad idea to select an aggressive-like approach for PIC.

Why do we want to perform significant work on the basis of a packet from a
source which we haven't even verified exists and really wants to talk to
us?

This could be circumvented (at least) by changing the exchange from 3 to 4
messages and styling it after base mode instead of aggressive mode.

If someone else agrees, feel free to point it out; if it's just me, I'll
go back to my corner :>

> --Paul Hoffman, Director
> --VPN Consortium

-Markus

-- 
Markus Stenberg (stenberg@xxxxxxx) of SSH Communications Security (www.ssh.com)
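
The concern raised in the message above, as an added example that is not part of the original mail or of any PIC or IKE specification: a responder that does its costly work on the first packet, next to one that first returns a cheap stateless cookie and does the costly work only when the cookie is echoed in a four-message flow. The HMAC cookie construction, the message names and the addresses are assumptions chosen for illustration, and the traffic is constructed.

```python
import hashlib, hmac, os

class Responder:
    def __init__(self):
        self.secret = os.urandom(32)  # local secret (assumed; rotated in practice)
        self.expensive_ops = 0        # simulated public-key operations performed

    def _cookie(self, src, nonce):
        # Recomputable from the packet, so no per-request state is stored.
        return hmac.new(self.secret, src.encode() + b"|" + nonce, hashlib.sha256).digest()

    def three_msg_first(self, src, nonce):
        # Aggressive-like: the first packet alone triggers the costly step.
        self.expensive_ops += 1
        return b"msg2"

    def four_msg_first(self, src, nonce):
        # Cheap reply only; it reaches the claimed source address or nobody.
        return self._cookie(src, nonce)

    def four_msg_third(self, src, nonce, cookie):
        # Costly step runs only if the sender proves it received our reply.
        if not hmac.compare_digest(cookie, self._cookie(src, nonce)):
            return None
        self.expensive_ops += 1
        return b"msg4"

def run(unverified=100):
    """Return (ops with 3-message flow, ops with 4-message flow) for the same traffic."""
    a, b = Responder(), Responder()
    # Constructed traffic: claimed sources that never see our reply (documentation range).
    for i in range(unverified):
        src, nonce = f"192.0.2.{i % 254 + 1}", os.urandom(16)
        a.three_msg_first(src, nonce)
        b.four_msg_first(src, nonce)  # reply goes unanswered
    # One real peer that receives the cookie and echoes it.
    src, nonce = "198.51.100.7", os.urandom(16)
    a.three_msg_first(src, nonce)
    cookie = b.four_msg_first(src, nonce)
    assert b.four_msg_third(src, nonce, cookie) == b"msg4"
    # A guessed cookie is rejected without any costly work.
    assert b.four_msg_third(src, nonce, b"\x00" * 32) is None
    return a.expensive_ops, b.expensive_ops

if __name__ == "__main__":
    print(run())
```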