
RE: Question about ID types in IPSEC DOI

Why wouldn't you be able to use ID_KEY_ID in phase 1? 

It is just an identity 'blob' that can have any format, so instead of using an email address with a specific format as an identifier (user@site) you could also use a non-formatted identifier like "Bob's Laptop" if you use ID_KEY_ID.

> -----Original Message-----
> From: Derrell D. Piper [mailto:ddp@network-alchemy.com]
> Sent: Thursday, June 25, 1998 9:27 PM
> To: Vipul Gupta
> Cc: ipsec@tis.com; vipul.gupta@Eng.Sun.Com
> Subject: Re: Question about ID types in IPSEC DOI
>
>
> Vipul,
>
> This is actually a bug in the current DOI.  Since the last draft of ISAKMP,
> the IPSEC DOI ID types apply only to Phase 2 negotiations.  The valid Phase 1
> types are now listed in the ISAKMP draft (and are much more limited).
>
> The ID_KEY_ID type predates the ISAKMP Vendor ID payload and should probably
> be deprecated in favor of that, since it's essentially a private extension.
>
> Who's using this type in Phase 1?
>
> Derrell
>
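
The difference between a formatted identity (user@site) and the opaque ID_KEY_ID blob discussed in this thread, as an added example that is not part of the original messages: a receiver validates the structured type but must treat ID_KEY_ID as raw bytes. The payload layout and type values follow the published IPsec DOI (RFC 2407); the function names and sample identities are assumptions made for illustration.

```python
import struct

# ID type values from the IPsec DOI as published in RFC 2407.
ID_USER_FQDN, ID_KEY_ID = 3, 11
HEADER = "!BBHBBH"  # next payload, reserved, length, ID type, protocol ID, port


def build_id_payload(id_type, data, next_payload=0, proto=0, port=0):
    """Encode an Identification payload (hypothetical helper for the demo)."""
    length = 8 + len(data)  # payload length includes the 8 header octets
    return struct.pack(HEADER, next_payload, 0, length, id_type, proto, port) + data


def parse_id_payload(buf):
    """Return (id_type, value); raise ValueError on malformed input."""
    if len(buf) < 8:
        raise ValueError("truncated ID payload")
    _next, _rsv, length, id_type, _proto, _port = struct.unpack(HEADER, buf[:8])
    if length < 8 or length > len(buf):
        raise ValueError("payload length field does not match buffer")
    data = buf[8:length]
    if id_type == ID_USER_FQDN:
        # Structured identity: must decode as ASCII and look like user@site.
        text = data.decode("ascii")  # UnicodeDecodeError is a ValueError
        local, sep, domain = text.partition("@")
        if not (local and sep and domain) or "@" in domain:
            raise ValueError("ID_USER_FQDN is not of the form user@site")
        return id_type, text
    if id_type == ID_KEY_ID:
        # Opaque blob: no charset, no syntax. Keep bytes and compare exactly.
        if not data:
            raise ValueError("empty ID_KEY_ID")
        return id_type, bytes(data)
    raise ValueError(f"ID type {id_type} not accepted by this policy")


if __name__ == "__main__":
    # Constructed sample identities, not taken from any real deployment.
    for t, d in [(ID_USER_FQDN, b"bob@example.com"),
                 (ID_KEY_ID, b"Bob's Laptop"),
                 (ID_KEY_ID, b"\x00\xff\x10\x80")]:
        print(parse_id_payload(build_id_payload(t, d)))
```

Because ID_KEY_ID carries no syntax of its own, the only meaningful check on it is an exact byte comparison against a locally configured value.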