[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: proposed changes to ISAKMP/Oakley
Ran Atkinson wrote:
> :
> :
> After reading Dan H's draft in closer detail again, I concur that
> the capabilities there are fine. Not clear to me whether its better
> or not, but its clearly sufficient.
>
> The model is different, but that is mostly irrelevant because the
> two models can be mapped 1:1 trivially.
>
> What I'd suggest is that we wordsmith here a bit to try to minimise
> terminology-induced confusion.
>
> Perhaps the term Proxy-ID in ISAKMP/Oakley could be changed to
> something like "Client Identity" since in the ISAKMP/Oakley model,
> the entity whose identity is in the "Source Identity" field is
> _always_ the IPsec/ISAKMP entity. The other field in ISAKMP/Oakley
> is blank when the IPsec/ISAKMP entity is acting on its own behalf,
> but non-blank when the IPsec/ISAKMP entity is proxying on behalf
> of some other client node. :-)
> :
> :
I think, IDui and IDur should also change to IDci and IDcr.
References: