Jerome A. Solinas writes:
> We would recommend keeping the same numbers (19, 20, 21) since it
> appears that all existing implementations have made the correction.

Not true. For example, our QuickSec OEM IPsec toolkit did originally use only X, but then some vendor complained that RFC4753 uses both X and Y, so we "fixed" our toolkit to use both. All versions shipped between 2007 and end of 2009 use both X and Y, and only the latest version uses only X.

Yes, this will mean that our latest version is not compatible with our old versions, so most likely that will cause the connections to time out when ECP groups are used, and thus most likely users will then just notice that "Do not use ECP, it does not work".

And note that we only modified our code when some OTHER vendor told us that RFC4753 uses both X and Y. So we were not the only implementation out there which followed the original RFC4753.

Also, as our customers usually have quite long product cycles, meaning that the release we make now will most likely get into the products only after a year or two, and when we provide fixes for old versions for them, they might or might not make it into their actual products; that is not something we can tell. Usually it takes a long time to get them into their products, which means the QuickSec toolkit based implementations using X and Y are going to be out there for a long time...
-- 
[email protected]
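The interoperability failure described in this message, as an added example that is not part of the original post or of any QuickSec code: two peers run ECDH on the 256-bit ECP group (19), one building the shared secret from X only and the other from X || Y, and their key seeds disagree. The private keys, nonces, and the HMAC-SHA256 `skeyseed` helper are constructed stand-ins for illustration.

```python
import hashlib
import hmac

# NIST P-256 domain parameters (the 256-bit random ECP group, IKE group 19).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = add(result, point)
        point = add(point, point)
        k >>= 1
    return result

def shared_secret(priv, peer_pub, mode):
    """mode 'x' encodes the X coordinate only; mode 'xy' encodes X || Y."""
    x, y = (c.to_bytes(32, "big") for c in mul(priv, peer_pub))
    return x if mode == "x" else x + y

def skeyseed(nonces, secret):
    """Simplified stand-in for IKEv2 SKEYSEED = prf(Ni | Nr, g^ir)."""
    return hmac.new(nonces, secret, hashlib.sha256).digest()

def interoperates(mode_i, mode_r):
    # Constructed private keys and nonces, for illustration only.
    priv_i, priv_r, nonces = 0x1234567, 0x89abcde, b"Ni-demo" + b"Nr-demo"
    pub_i, pub_r = mul(priv_i, G), mul(priv_r, G)
    k_i = skeyseed(nonces, shared_secret(priv_i, pub_r, mode_i))
    k_r = skeyseed(nonces, shared_secret(priv_r, pub_i, mode_r))
    return hmac.compare_digest(k_i, k_r)
```

`interoperates("x", "x")` and `interoperates("xy", "xy")` return True, while any mixed pairing returns False even though both peers computed the same curve point.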
