adding port number to ISAKMP Internet DOI ID's
I would like to suggest adding port number and protocol as an
option field to ISAKMP Internet DOI ID's. The field could be sent together
with an IPv4 or IPv6 address. The address:port:protocol ID can be used
as IDui or IDur during proxy negotiation.
I think this feature is useful for per-user or per-connection keying.
Say, when a user wishes to secure a particular connection.
Pau-Chen
Disclaimer: This message is NOT intended to re-ignite the debate on
per-user keying. Personally, I like to see all communication
secured with one secure tunnel whose keys are frequently refreshed.
But I have encountered much more than one request
for per-user/connection keying (which means some packets
can be unprotected). In any case, I think the
cost of adding the field is small. So I suggest ISAKMP provide
this flexibility. A responder can always refuse such a request.