[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: proposed changes to ISAKMP/Oakley



Ran Atkinson wrote:
> :
> :
>         After reading Dan H's draft in closer detail again, I concur that
>         the capabilities there are fine.  Not clear to me whether its better
>         or not, but its clearly sufficient.
> 
>         The model is different, but that is mostly irrelevant because the
>         two models can be mapped 1:1 trivially.
> 
>         What I'd suggest is that we wordsmith here a bit to try to minimise
>         terminology-induced confusion.
> 
>         Perhaps the term Proxy-ID in ISAKMP/Oakley could be changed to
>         something like "Client Identity" since in the ISAKMP/Oakley model,
>         the entity whose identity is in the "Source Identity" field is
>         _always_ the IPsec/ISAKMP entity.  The other field in ISAKMP/Oakley
>         is blank when the IPsec/ISAKMP entity is acting on its own behalf,
>         but non-blank when the IPsec/ISAKMP entity is proxying on behalf
>         of some other client node. :-)
> :
> :
    I think, IDui and IDur should also change to IDci and IDcr.


References: