Re: [Ipsec-tools-devel] NATT support, cleanup on the situation....

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Sun, 30 Jan 2005, Emmanuel Dreyfus wrote:

> In my opinion, once things are in a release, they should be considered
> as carved in the stone. The only exception for me would be security and
> interoperability issues.
> 
> And this is why I think we should only remove the things that violate
> the RFC from --enable-natt. Thing that violate the RFC are drafts 05+,
> drafts 00-04 and RFC are RFC-compliant.

I completely agree with Manu. We must support RFC _in_addition_ to 
currently supported drafts in default config because
- otherwise we confuse our users
- new racoon should work with old racoon when compiled with the same 
  config options
- it doesn't break anything

I'm fine with removing drafts 01 and 03 from default config because they 
are basically the same as 00 and 02. However 02_n should be kept.

To make things more complicated, here is Michal's proposition :-)
--enable-natt will enable 00, 02 and RFC
--enable-natt=00,01,02,03,04,05,06,rfc will enable those specified drafts 
respectively. 

IMHO it's cleaner than to have tons of separate --enable-natt-dratf_NN 
switches.

Michal Ludvig
-- 
* A mouse is a device used to point at the xterm you want to type in.
* Personal homepage - http://www.logix.cz/michal