
Re: Per-socket policy and ISAKMP



Dan,

	The model I've been assuming calls for the SPD to be consulted when
a new SA is created, irrespective of whether one is the initiator or
responder.  If the intent of the local policy is to require SHA-1 for all
SAs, then that should be reflected in the policy database and I would
suggest that it result in a failed ISAKMP negotiation, to avoid later
discarding of packets.

Steve



