On 27.06.2013, at 07:45, "Henderson, Thomas R" <[email protected]> 
wrote:
>> Furthermore, I suggest to move the ESP_TRANSFORM negotiation to the I2
>> and R2 in order to complete the transport format type negotiation
>> before starting the ESP transform negotiation. As I see it, this should
>> not negatively impact ESP SA setup as the KEYMAT index in the ESP_INFO
>> parameter is independent from the chosen ESP Suite ID. Or did I make a
>> mistake here?
>> 
> 
> Here, I think the impact may be that it is not aligned with other 
> negotiations in which the responder provides the list for the initiator to 
> choose from.  By delaying it as you suggest, the initiator will be sending 
> the list of acceptable transforms and the responder choosing.

Ok, but the Initiator already proposes the DH_GROUP_LIST in HIPv2.

> As is currently specified, the inclusion in R1 also adds clarity to the 
> TRANSPORT_FORMAT_LIST in the sense that the responder clarifies to the 
> initiator, e.g. "I accept ESP, and by ESP, I mean the suites defined in this 
> ESP_TRANSFORM list", and the initiator can decide to proceed or not based on 
> that information.

That's actually a good point.

> The downside to the current text seems to be that some bytes may be wasted in 
> starting the transform-specific negotiations for possibly unselected 
> transforms.  I don't know how much this would occur or be a problem in 
> practice. 


We could argue that resource-constrained devices will probably restrict support 
to a single transform for the sake of minimizing ROM overhead and that the 
additional parameter adds negligible overhead in unconstrained scenarios. With 
this line of argumentation, we can leave the negotiation in 5202-bis as it is 
today. Other opinions?

BR
René


--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 21429
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/



_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec
