[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: vendor id

Hi Vamsi,

When to send vendor ids is not documented anywhere in the RFCs (not even in
the expired extension methods draft).

For simplicity's sake, I would recommend sending all vendor ids in the first
two messages of the exchange. You will get better interoperability that way.

Also, the XAuth draft tells you to include a private attribute within the SA
payload, which is always sent in the first two messages of the exchange. If
you don't send the vendor id immediately then the peer won't know how to
interpret that attribute.

Andrew
--------------------------------------
Beauty with out truth is insubstantial.
Truth without beauty is unbearable.

-----Original Message-----
From: owner-ietf-xauth@xxxxxxxxxxxxx
[mailto:owner-ietf-xauth@xxxxxxxxxxxxx]On Behalf Of vamsi
Sent: Tuesday, November 21, 2000 5:36 AM
To: ietf-xauth@xxxxxxxx
Subject: vendor id


Hi,


   In  the  draft of   ' Extended Authentication within IKE (XAUTH)' it is
written as


"   In order to ensure interoperability with
   future and past implementations of XAUTH a Vendor ID has been added.
   The Vendor ID payload is sent during the phase 1 exchange as per
   [ISAKMP].  The vendor id payload SHOULD be authenticated whenever
   possible.  "



   My  question  is  in which message  of  phase 1   exchange should
'vendor ID payload'  is  sent ?
  If the  phase 1  is in Main mode  then   in which message and if  it is
Agressive Mode  then in which
message?

bye



**************************************************************
Wealth is lost            Nothing is lost
Health is lost            Something is lost
Character is lost      Everything is lost

****************************************************************