Re: multiple payloads via "ID_LIST"
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Scott" == Scott G Kelly <skelly@redcreek.com> writes:
Scott> I'm still thinking about your proposal, and while I like the
Scott> simplicity, there is one remaining issue: neither my nor your
Scott> proposal addresses port/protocol lists. This is a difficult issue,
I keep thinking we already have that. But, we don't have port/protocol
in IKE yet, correct?
Perhaps we need to have two types of ID_LIST: AND and OR.
Add to that ID_IPV4_PROTOCOL, ID_IPV6_PROTOCOL, ID_TRANSPORT_PORT.
Thus, to negotiate a secure Telnet session, one gives one end as
being:
src: ID_AND_LIST:
[ID_IPV4_ADDR: client, ID_IPV4_PROTOCOL: TCP, ID_TRANSPORT_PORT: 65418]
dst: ID_AND_LIST:
[ID_IPV4_ADDR: server, ID_IPV4_PROTOCOL: TCP, ID_TRANSPORT_PORT: 23]
Scott> is almost certain to provoke strong resistance), or adding new
Scott> ones. Have you considered this problem?
I think we have to add new ones.
{ One alternative is a declarative packet description language (an internet
draft describing ours will be published very soon):
"ip4TcpConn(client, server, 65418, 23)"
}
:!mcr!: | Network and security consulting/contract programming
Michael Richardson | Firewalls, TCP/IP and Unix administration
Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
Corporate: http://www.sandelman.ottawa.on.ca/SSW/
ON HUMILITY: To err is human, to moo bovine.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQB1AwUBNgfjmNiXVu0RiA21AQEt0gL/cDyW1vYud0AWtOuK3EhJW+HbnZbuJacT
eXyex18PVRYDfYou7Z/HI2ez9Y4EKTHdsIG39oEcgRMO3G6Ml0PPWyaGkGCl4sFx
8XJSYPbS6A/gE+gZQj+jWyfwkJknpVBX
=bZ+Z
-----END PGP SIGNATURE-----
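The AND/OR list proposal and the declarative `ip4TcpConn(...)` alternative above describe two ways of writing the same traffic selector. The following is an added example, not code from the post or from any IKE implementation: it models ID_AND_LIST and ID_OR_LIST over the proposed leaf types (ID_IPV4_ADDR, ID_IPV4_PROTOCOL, ID_TRANSPORT_PORT, plus the existing subnet ID) as Python dataclasses, evaluates a packet's two endpoints against a (src, dst) selector pair, and translates the quoted `ip4TcpConn(client, server, 65418, 23)` form into the equivalent pair of AND lists. All type names, protocol constants, addresses and packets are constructed for illustration.

```python
"""Added example (not part of the original mailing-list post): a toy model of
ID_AND_LIST / ID_OR_LIST identity selectors and a matcher that decides whether
a packet falls under them. Names and sample values are constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

PROTO_TCP = 6   # IANA protocol number for TCP
PROTO_UDP = 17  # IANA protocol number for UDP


@dataclass(frozen=True)
class Packet:           # constructed 5-tuple, enough to drive the matcher
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int


# Leaf selector types, modelled on the identifiers named in the post.
@dataclass(frozen=True)
class IPv4Addr:         # ID_IPV4_ADDR: a single host
    addr: str


@dataclass(frozen=True)
class IPv4Subnet:       # ID_IPV4_ADDR_SUBNET: an address range
    net: str


@dataclass(frozen=True)
class IPv4Protocol:     # ID_IPV4_PROTOCOL (proposed): IP protocol number
    proto: int


@dataclass(frozen=True)
class TransportPort:    # ID_TRANSPORT_PORT (proposed): TCP/UDP port
    port: int


@dataclass(frozen=True)
class AndList:          # ID_AND_LIST (proposed): every member must match
    members: tuple


@dataclass(frozen=True)
class OrList:           # ID_OR_LIST (proposed): at least one member must match
    members: tuple


def matches(sel, ip, proto, port):
    """Evaluate a selector against one endpoint (ip, protocol, port) of a packet.
    AND/OR lists recurse, so lists may be nested to any depth."""
    if isinstance(sel, IPv4Addr):
        return IPv4Address(ip) == IPv4Address(sel.addr)
    if isinstance(sel, IPv4Subnet):
        return IPv4Address(ip) in IPv4Network(sel.net)
    if isinstance(sel, IPv4Protocol):
        return proto == sel.proto
    if isinstance(sel, TransportPort):
        return port == sel.port
    if isinstance(sel, AndList):
        return all(matches(m, ip, proto, port) for m in sel.members)
    if isinstance(sel, OrList):
        return any(matches(m, ip, proto, port) for m in sel.members)
    raise TypeError(f"unknown selector type: {sel!r}")


def packet_selected(src_sel, dst_sel, pkt):
    """A packet belongs to the SA only if both its source end and its
    destination end match. The protocol is a property of the whole packet,
    so the same value is checked against both ends."""
    return (matches(src_sel, pkt.src_ip, pkt.proto, pkt.src_port)
            and matches(dst_sel, pkt.dst_ip, pkt.proto, pkt.dst_port))


def ip4_tcp_conn(client, server, cport, sport):
    """Translate the declarative 'ip4TcpConn(client, server, cport, sport)'
    form quoted in the post into a (src, dst) pair of ID_AND_LISTs."""
    src = AndList((IPv4Addr(client), IPv4Protocol(PROTO_TCP), TransportPort(cport)))
    dst = AndList((IPv4Addr(server), IPv4Protocol(PROTO_TCP), TransportPort(sport)))
    return src, dst


if __name__ == "__main__":
    # The Telnet example from the post, with constructed documentation addresses.
    src, dst = ip4_tcp_conn("192.0.2.10", "192.0.2.20", 65418, 23)
    telnet = Packet("192.0.2.10", "192.0.2.20", PROTO_TCP, 65418, 23)
    udp = Packet("192.0.2.10", "192.0.2.20", PROTO_UDP, 65418, 23)
    print("telnet selected:", packet_selected(src, dst, telnet))  # True
    print("udp selected:   ", packet_selected(src, dst, udp))     # False
```

Two points the model makes visible: the AND list is what turns the three independent leaf types into a single 5-tuple-style selector, and because ID_IPV4_PROTOCOL is carried on each end but the protocol is a property of the packet, a negotiated pair whose two ends disagree on protocol can never match anything; an implementation should reject such a proposal at negotiation time rather than discover it on the first packet.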