
Re: issues with IKE that need resolution



The requirement is -- we want one SA for multiple purposes

The problem is -- expressing what we want gets complex, ugly,
and possibly unworkable.

I note also that rough consensus is that rfc822name and fqdn
are, for all intents and purposes, a slab of printable characters.

Why don't we add ONE ID type, LABEL, which is an "arbitrary printable
string"?  Its meaning gets defined outside of IKE (but within bounds
of the architecture or something).  So then we'd say something like
"id=banktellers" which means "telnet between 9 and 5 local time to
host-a and FTP between 4 and 5 local time to host-b".  These 
labels could be Policy Language (program names) or (gasp!) email addresses
or driver's licence numbers or whatever you want.

THEN, building on that, the ideas that Scott mentioned could be
dealt with as specially defined labels.  This would be done in the
previously-invented style of host "localhost" or email address
"postmaster@cisco.com".

This does not get the information itself (the list of subnets or ports, etc.)
transmitted over the IKE data path but it lets you say something more
sophisticated than "ugh, let me talk to 10.0.0.1".


At 09:11 PM 9/17/98 -0700, you wrote:
>  Is there a point in identifying yourself as "198.31.2.0/24"?
  (... remainder of forwarded message removed...)
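As an added illustration (not part of the original message, and not code from any IKE implementation), the following encodes and strictly decodes the ISAKMP Identification payload from RFC 2407 for the ID types the thread discusses: ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET (the "198.31.2.0/24" case), the two string types ID_FQDN and ID_USER_FQDN (rfc822name), and the proposed LABEL type. The LABEL type number 200 and the 255-byte string limit are placeholders chosen here, not values from the page or any RFC. The decoder enforces the "slab of printable characters" view: a string identity that carries non-printable bytes, a length field that disagrees with the payload, or a non-contiguous netmask is rejected before the identity could reach a policy lookup.

```python
import ipaddress
import struct

# ISAKMP Identification payload: 4-byte generic header (RFC 2408) followed by
# ID Type, Protocol ID, Port (RFC 2407) and the identification data.
HEADER = struct.Struct("!BBHBBH")  # next payload, reserved, length, ID type, proto, port

# ID type values assigned by RFC 2407 (IPsec DOI).
ID_IPV4_ADDR, ID_FQDN, ID_USER_FQDN, ID_IPV4_ADDR_SUBNET = 1, 2, 3, 4
# Placeholder value for the proposed LABEL type; constructed here, not assigned by any RFC.
ID_LABEL = 200
ID_NAMES = {
    ID_IPV4_ADDR: "ID_IPV4_ADDR",
    ID_FQDN: "ID_FQDN",
    ID_USER_FQDN: "ID_USER_FQDN",  # the rfc822name form
    ID_IPV4_ADDR_SUBNET: "ID_IPV4_ADDR_SUBNET",
    ID_LABEL: "ID_LABEL",
}
PRINTABLE_TYPES = {ID_FQDN, ID_USER_FQDN, ID_LABEL}
MAX_STRING_ID = 255  # constructed upper bound for string identities


def _printable(data):
    """Accept only a non-empty run of printable ASCII; return it as bytes."""
    if isinstance(data, str):
        data = data.encode("ascii")
    if not 0 < len(data) <= MAX_STRING_ID:
        raise ValueError("string identity length %d out of range" % len(data))
    if any(b < 0x20 or b > 0x7E for b in data):
        raise ValueError("string identity contains non-printable bytes")
    return data


def encode_id(id_type, value, proto=0, port=0, next_payload=0):
    """Build an Identification payload from a label, address or CIDR string."""
    if id_type in PRINTABLE_TYPES:
        data = _printable(value)
    elif id_type == ID_IPV4_ADDR:
        data = ipaddress.IPv4Address(value).packed
    elif id_type == ID_IPV4_ADDR_SUBNET:
        net = ipaddress.IPv4Network(value)  # strict by default: host bits must be zero
        data = net.network_address.packed + net.netmask.packed
    else:
        raise ValueError("unsupported ID type %d" % id_type)
    length = HEADER.size + len(data)
    return HEADER.pack(next_payload, 0, length, id_type, proto, port) + data


def decode_id(payload):
    """Parse and validate an Identification payload; return (type name, value)."""
    if len(payload) < HEADER.size:
        raise ValueError("payload shorter than header")
    _, reserved, length, id_type, proto, port = HEADER.unpack_from(payload)
    if reserved != 0 or length != len(payload):
        raise ValueError("bad reserved byte or length field")
    data = payload[HEADER.size:]
    if id_type in PRINTABLE_TYPES:
        value = _printable(data).decode("ascii")
    elif id_type == ID_IPV4_ADDR:
        value = str(ipaddress.IPv4Address(data))  # raises unless exactly 4 bytes
    elif id_type == ID_IPV4_ADDR_SUBNET:
        if len(data) != 8:
            raise ValueError("subnet identity needs 8 bytes")
        mask = int.from_bytes(data[4:], "big")
        prefixlen = bin(mask).count("1")
        if mask != (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF:
            raise ValueError("non-contiguous netmask")
        addr = ipaddress.IPv4Address(data[:4])
        value = str(ipaddress.IPv4Network("%s/%d" % (addr, prefixlen)))  # strict check
    else:
        raise ValueError("unsupported ID type %d" % id_type)
    return ID_NAMES[id_type], value


if __name__ == "__main__":
    # Constructed sample identities from the thread.
    for t, v in [(ID_LABEL, "banktellers"), (ID_IPV4_ADDR_SUBNET, "198.31.2.0/24")]:
        print(decode_id(encode_id(t, v)))
```

The label itself is opaque to IKE here, exactly as the proposal intends: the decoder only guarantees it is printable and well-framed, and what "banktellers" permits is left to the policy layer that consumes it.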


