
RE: use of client IDs



Pyda,

[...]
> I think Bryan is arguing for making the ID payload (which in its
> current state is the poor man's policy descriptor) mandatory.

Actually I'm proposing that it should be optional, since to make it
mandatory would preclude simple cases like "on interface X use 
security association Y for all traffic sent to destination Z". 

In general I think things would be much clearer if the discussion were in
terms of hosts and routers, hosts running X, routers running Y, etc.
Instead there is a rather confusing array of clients (IKE, GW, etc.) (but,
interestingly, no servers), gateways, nodes, VPNs, processes, etc.

BTW, what's the definition of "client" (a host, host interface, group of
hosts, flow, aggregate flow, or all of the above), and where is it defined?
I have noticed that the word "client" does not appear in the
architecture document, the DOI spec, or the ISAKMP spec (except in a
reference to Kerberos).

Bryan
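The "optional, not mandatory" point above is easiest to see in a tiny security policy database. The following is an added illustration, not code from the thread or from any IPsec implementation; the policy table, the interface and SA names, and the peer identity "gw.example.net" are made up for the example. Each policy selects on interface and destination; a peer identity (the thing an ID payload would carry) is an extra selector that a policy may or may not have, so the simple rule "on interface X use SA Y for all traffic to Z" needs no identity at all, while a policy that does name a peer only matches when that identity is supplied.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, IPv6Network, ip_address, ip_network
from typing import List, Optional, Union

Net = Union[IPv4Network, IPv6Network]


@dataclass(frozen=True)
class Policy:
    """One SPD entry: interface + destination selectors, the SA to use,
    and an optional peer identity (the role an ID payload would play)."""
    interface: str
    dst: Net
    sa: str
    peer_id: Optional[str] = None  # None means "no identity required"


# Constructed sample policy table (hypothetical names and addresses).
SPD: List[Policy] = [
    # The simple case from the mail: interface X, SA Y, destination Z.
    Policy("eth0", ip_network("10.1.0.0/16"), "SA-Y"),
    # A policy that additionally pins the peer identity.
    Policy("eth0", ip_network("192.0.2.0/24"), "SA-Z", peer_id="gw.example.net"),
]


def lookup(spd: List[Policy], interface: str, dst: str,
           peer_id: Optional[str] = None) -> Optional[str]:
    """Return the SA name for a packet leaving `interface` towards `dst`,
    or None if no policy matches. A policy with a peer_id matches only
    when the caller supplies that same identity; a policy without one
    ignores identity entirely. First match wins, as in an ordered SPD."""
    addr = ip_address(dst)
    for p in spd:
        if p.interface != interface or addr not in p.dst:
            continue
        if p.peer_id is not None and p.peer_id != peer_id:
            continue
        return p.sa
    return None


def policies_without_identity(spd: List[Policy]) -> List[Policy]:
    """The entries that a mandatory-ID rule would make impossible to
    express: they select traffic purely by interface and destination."""
    return [p for p in spd if p.peer_id is None]


if __name__ == "__main__":
    print(lookup(SPD, "eth0", "10.1.2.3"))                      # SA-Y, no identity needed
    print(lookup(SPD, "eth0", "192.0.2.5"))                     # None, identity required
    print(lookup(SPD, "eth0", "192.0.2.5", "gw.example.net"))   # SA-Z
    print([p.sa for p in policies_without_identity(SPD)])       # ['SA-Y']
```

Run as a script it prints the four results; the point is that `SA-Y` is reachable with no identity at all, which is exactly the entry a mandatory ID payload would rule out.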
