[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Auto filter rule generation for Phase 2 tunnels
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Stephen" == Stephen Kent <kent@bbn.com> writes:
Stephen> just been posted as an I-D. The solution proposed there
Stephen> (as in the prevuious version distributed on 7/30/97) is
Stephen> that the set of security policy rules (filters) MUST be
Stephen> ordered. As you note, there is no obvious canonical
Stephen> ordering, especially when one adds the other selector
Stephen> types defined in the architecture document. It is
I just read that section last night again.
Is there any point in talking about an ordering if there is no
canonical order?
In general, I feel that the architecture document has gone beyond
being a functional specification and gone into being a design
specificiation. I've been told by some that this is a trend in IETF
standards, and isn't something I should worry about.
I am pleased in general, with the document, and particularly the
ICMP sections.
] ON HUMILITY: to err is human. To moo, bovine. | SSH IPsec [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |international[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |strong crypto[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQB1AwUBNHLRdcmxxiPyUBAxAQFT0QL9FibZcVi7zS2IfgdKPmwDTggLIUBfciX4
KqUGtivpeJXhtgMWf+bHrGNKEalzK8RIrvi4/mmTAnq0FXBvtC5da5cLG3aG4EEe
D/E6kPtCOhRLmq6ndVY6W3aaaadTMIV5
=UhJ9
-----END PGP SIGNATURE-----
Follow-Ups:
References: