
Re: Architectural relationship between KMP and IPSP



Tim,

I've given some thought to this problem (since I'm trying to implement
something) and I think the most general solution is to let the application
decide what security it wants from IPSP -- if any. That's the hook for
the key management protocol; it would turn off IPSP level protections in
favor of its own.

Another (somewhat related) problem is puncturing firewalls, one of my
original motivations for IPSP. It would probably be easiest if the key
management protocol would share the same IP protocol number as IPSP
itself, probably by using a special reserved SAID. That would make it
easy to configure a firewall to allow all IPSP-related communications
to come in.

Phil


