
adding port number to ISAKMP Internet DOI ID's



I would like to suggest adding port number and protocol as an
option field to ISAKMP Internet DOI ID's. The field could be sent together
with an IPv4 or IPv6 address. The address:port:protocol ID can be used
as IDui or IDur during proxy negotiation.

I think this feature is useful for per-user or per-connection keying.
Say, when a user wishes to secure a particular connection.


Pau-Chen

Disclaimer: This message is NOT intended to re-ignite the debate on
            per-user keying. Personally, I like to see all communication
            secured with one secure tunnel whose keys are frequently refreshed. 
            But I have encountered much more than one request
            for per-user/connection keying (which means some packets
            can be unprotected).  In any case, I think the
            cost of adding the field is small. So I suggest ISAKMP provide
            this flexibility. A responder can always refuse such a request.
          

