ietf-openproxy

Re: Capability Negotiation for OCP

2003-06-02 11:39:47


On Thu, 17 Apr 2003, The Purple Streak, Hilarie Orman wrote:

> PPP, IPSec and IKE use "offer, select".  The trick is to spell out
> the complete set of selections at offer time.  Don't say (A1 or A2)
> and (B1 or B2) if (A1 and B2) is not permitted - say instead
>
>       { A2 and (B1 or B2) } or { A1 and B1 }

I am adding negotiation mechanisms to the OCP draft. While describing
how negotiation works, I realized that providing a _complete_
selection "menu" in one offer would require very deep nesting of OCP
data structures or very long OR lists for some negotiations. I was
surprised that a protocol like PPP (RFC 1661) could handle that
(something the above examples imply) and read the PPP specs.

My current understanding is that PPP does not spell out all possible
selections in each offer.  Instead, it spells out one selection (e.g.,
"A2 and B1"). If that selection is rejected, a different selection is
provided (e.g., "A2 and B2"). There may be better places to quote, but
here is one direct quote from "6.2. Authentication-Protocol":

    An implementation MUST NOT include multiple Authentication-
    Protocol Configuration Options in its Configure-Request packets.
    Instead, it SHOULD attempt to configure the most desirable
    protocol first.  If that protocol is Configure-Nak'd, then the
    implementation SHOULD attempt the next most desirable protocol in
    the next Configure-Request.

I am sending this message to provide an example where multiple offer
messages are used. I am not, at this point, advocating either approach
(a single complex and complete offer versus a series of simple
incomplete offers, each requiring immediate response). If you have any
preferences or suggestions, please voice them!

Thank you,

Alex.

P.S. I did not have enough energy/time to understand whether IKE and
     IPSec support multiple offer messages within the same negotiation
     phase. They do support multiple OR choices within one message.
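
The two approaches compared in this message, as an added example that is not part of the original post: a single complete offer versus a series of one-selection offers, using the A1/A2, B1/B2 placeholders from the quoted text. The responder capability sets, the function names and the simplified Nak handling (no hints returned to the offerer) are assumptions made for illustration.

```python
from itertools import product

# Constructed option groups, most desirable choice first in each group.
OPTIONS = {"A": ["A2", "A1"], "B": ["B1", "B2"]}
# Combination that must never be agreed on (from the quoted example).
FORBIDDEN = [frozenset({"A1", "B2"})]


def permitted(selection, forbidden=FORBIDDEN):
    """True if the selection contains no forbidden combination."""
    chosen = frozenset(selection)
    return not any(bad <= chosen for bad in forbidden)


def complete_offer(options=OPTIONS, forbidden=FORBIDDEN):
    """One offer that spells out every permitted selection.

    Its length grows as the product of the group sizes, which is the
    "very long OR lists" cost of the single-offer approach.
    """
    return [c for c in product(*options.values()) if permitted(c, forbidden)]


def select(offer, responder_supports):
    """Responder side of "offer, select": one reply, first supported entry."""
    for selection in offer:
        if set(selection) <= responder_supports:
            return selection
    return None


def sequential_offers(responder_supports, options=OPTIONS, forbidden=FORBIDDEN):
    """One selection per request, next most desirable after each rejection.

    Returns (agreed selection or None, number of requests sent).
    """
    requests = 0
    for selection in complete_offer(options, forbidden):
        requests += 1
        if set(selection) <= responder_supports:  # accepted
            return selection, requests
        # rejected: fall through and try the next selection
    return None, requests


if __name__ == "__main__":
    peer = {"A1", "B1", "B2"}  # constructed responder: lacks A2
    print("complete offer:", complete_offer())
    print("single-offer result:", select(complete_offer(), peer))
    print("sequential result:", sequential_offers(peer))
```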
