
Re: draft-ietf-ipsec-arch-sec-02.txt and last call



    So does that mean having a "discard" action in the IPSec Security
    policy is a SHOULD and not a MUST? I might not want to provide the
    "discard" choice as an action for my IPSec policy, depending on
    presence of other subsystems to handle it. 

I don't understand why this is an issue.  ipsec implementations have
to be able to discard packets in the case where (for instance) the
HMAC doesn't verify, so your ipsec code will be talking to whatever
bit of your system does packet discards.

More generically, if your system has a sufficiently generic/flexible
framework for selective packet discard, the ipsec policy code can
merely reprogram that framework rather than implementing its own
filtering.

					- Bill
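
A sketch of the arrangement described in the message above, added here as an example; it is not part of the original message or the draft. `PacketFilter`, `load_spd`, `make_packet`, `inbound`, the packet layout and the choice of HMAC-SHA256 are all assumptions made for illustration.

```python
import hashlib, hmac, ipaddress

DISCARD, PROTECT = "discard", "protect"

class PacketFilter:
    """Hypothetical stand-in for the system's generic selective-discard framework."""
    def __init__(self):
        self.rules = []      # (src_net, dst_net) pairs to drop
        self.dropped = []    # (reason, src, dst) audit trail

    def add_drop_rule(self, src, dst):
        self.rules.append((ipaddress.ip_network(src), ipaddress.ip_network(dst)))

    def drop(self, pkt, reason):
        self.dropped.append((reason, pkt["src"], pkt["dst"]))
        return False         # packet is not delivered

    def admit(self, pkt):
        s, d = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
        if any(s in sn and d in dn for sn, dn in self.rules):
            return self.drop(pkt, "policy")
        return True

def load_spd(spd, pf):
    """Policy code: program discard entries into the filter, return the rest.
    Assumes non-overlapping selectors; an ordered SPD needs ordered filter rules."""
    rest = []
    for src, dst, action in spd:
        if action == DISCARD:
            pf.add_drop_rule(src, dst)
        else:
            rest.append((src, dst, action))
    return rest

def make_packet(src, dst, payload, key):
    """Build a constructed sample packet with an HMAC-SHA256 ICV (assumed algorithm)."""
    icv = hmac.new(key, payload, hashlib.sha256).digest()
    return {"src": src, "dst": dst, "payload": payload, "icv": icv}

def inbound(pkt, key, pf):
    """Inbound path: policy drops and ICV failures both go through pf.drop()."""
    if not pf.admit(pkt):
        return False
    expected = hmac.new(key, pkt["payload"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, pkt["icv"]):
        return pf.drop(pkt, "icv-mismatch")
    return True

# Constructed sample policy (documentation address ranges).
SAMPLE_SPD = [("198.51.100.0/24", "192.0.2.0/24", DISCARD),
              ("203.0.113.0/24", "192.0.2.0/24", PROTECT)]
```

Both drop reasons land in the same `dropped` trail, so one subsystem accounts for every discarded packet whether policy or a failed integrity check caused it.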

