Date: Thu, 27 Sep 2007 10:25:17 +0900
From: Yukiyo Akisada <akisada@tahi.org>
Subject: [users:00377] Re: IPSec Phase 2 Logo: 5.1.12
To: Christy L Norman <cnorman@us.ibm.com>
Cc: contact@tahi.org, users@tahi.org
Message-Id: <20070927102517.083a3dc3.akisada@tahi.org>
In-Reply-To: <OFB293CA14.9C12E9E2-ON86257362.004C60FC-86257362.004DD9E2@us.ibm.com>
References: <OFB293CA14.9C12E9E2-ON86257362.004C60FC-86257362.004DD9E2@us.ibm.com>
X-Mail-Count: 00377

Hi, Christy.

First of all, the test script itself doesn't have any authority.
The importance is in the test specification.
You can find it on <http://www.ipv6ready.org/> and <http://www.ipv6ready.org/pdf/IPsec_1_8_0.pdf>.

Then, talking about ESN, we mean the use of the Extended (64-bit) Sequence Number.

As you said, use of an ESN MUST be negotiated by an SA management protocol,
but we never use IKE in IPsec test cases.
Even so, we consider that it can't be ignored because ESN is one of the big features in IPsec v3.

So, we defined that using ESN is an optional function in the test specification.
It means that we don't require a manual configuration interface for ESN.
If you have such an interface, you can test it, otherwise you can skip it.

What do you think?

On Wed, 26 Sep 2007 09:10:19 -0500
Christy L Norman <cnorman@us.ibm.com> wrote:

> Tahi users and developers,
> 
> I am sending this e-mail for a colleague. He states:
> 
> Clarification is needed on test case 5.1.12 of the IPSec v1.1.0 test
> suite.  The title reads "5.1.12 ICV calculation (ESN), ESP=3DES-CBC
> HMAC-SHA1".  I need clarification that the 'ESN' in the title refers to
> Extended Sequence Number function being tested.  The script and packet
> information included with the test case does not help to clarify.  If
> this does imply that ESN is to be tested for 5.1.12, that would seem to
> contradict wording in RFC4306 which says that ESN must be negotiated by an
> SA negotiating protocol (i.e. IKE).
> 
> Thank you,
> 
> Christy


------------------------------------------------------------------------
Yukiyo Akisada <akisada@tahi.org>
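
Why both ends of a manually keyed SA have to agree on ESN, as an added example (not part of the original message or the TAHI test scripts): per RFC 4303, with a separate integrity algorithm such as HMAC-SHA1-96 the high-order 32 bits of the sequence number are included in the ICV computation but never transmitted. The key, SPI and payload bytes are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96 keeps the first 96 bits of the HMAC output


def esp_icv(auth_key, spi, seq64, iv_and_ciphertext, esn):
    """ICV over SPI | Seq low 32 bits | IV+ciphertext [| Seq high 32 bits]."""
    data = struct.pack("!II", spi, seq64 & 0xFFFFFFFF) + iv_and_ciphertext
    if esn:
        # High-order bits are authenticated but do not appear on the wire.
        data += struct.pack("!I", (seq64 >> 32) & 0xFFFFFFFF)
    return hmac.new(auth_key, data, hashlib.sha1).digest()[:ICV_LEN]


def build_packet(auth_key, spi, seq64, iv_and_ciphertext, esn):
    header = struct.pack("!II", spi, seq64 & 0xFFFFFFFF)
    icv = esp_icv(auth_key, spi, seq64, iv_and_ciphertext, esn)
    return header + iv_and_ciphertext + icv


def verify_packet(auth_key, packet, expected_seq_hi, esn):
    """Receiver side: rebuild the 64-bit number from local state, then check."""
    spi, seq_lo = struct.unpack("!II", packet[:8])
    body, icv = packet[8:-ICV_LEN], packet[-ICV_LEN:]
    seq64 = (expected_seq_hi << 32) | seq_lo
    return hmac.compare_digest(icv, esp_icv(auth_key, spi, seq64, body, esn))


# Constructed sample values (not taken from the test specification).
KEY = b"constructed-20-byte-key"[:20]
SPI = 0x1000
BODY = bytes(range(8)) + bytes(32)  # 8-byte 3DES IV + stand-in ciphertext
SEQ = (1 << 32) | 5                 # sequence number past the 32-bit rollover


def demo():
    pkt = build_packet(KEY, SPI, SEQ, BODY, esn=True)
    return {
        "both_esn": verify_packet(KEY, pkt, 1, esn=True),
        "receiver_no_esn": verify_packet(KEY, pkt, 1, esn=False),
        "wrong_high_bits": verify_packet(KEY, pkt, 0, esn=True),
        "same_wire_len": len(pkt) == len(build_packet(KEY, SPI, SEQ, BODY, esn=False)),
        "differs_before_rollover": esp_icv(KEY, SPI, 5, BODY, True) != esp_icv(KEY, SPI, 5, BODY, False),
    }
```

The packet looks identical on the wire either way, so an ESN mismatch between the two ends shows up only as ICV verification failures.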