
RE: a drop/bypass action negotiation issue



You're raising two very different issues:
The first: securing some "control" communication while allowing the
resulting service traffic to go in the clear. There are basically two
possible situations:
- the control traffic uses different protocols or ports from the service
traffic - in this case the currently defined selectors should be enough.
- the control traffic uses the same protocol and port as the service
traffic; in this case the overhead to change the control application to
negotiate a 'clear' connection for the service traffic would probably be
greater than simply changing it to use a different protocol or port that
would be defined by policy to be in the clear.

On the second issue - policy management and distribution - there needs
to be a lot of work done in IPsec to enable future interoperability.
I'll second you on policy negotiation and management being key to any
wide deployment; there certainly should be more discussion on this
topic.

Regards,
Noam Borovoy



