
Re: multiple payloads via "ID_LIST"





>>>>> "Scott" == Scott G Kelly <skelly@redcreek.com> writes:
    Scott> In an earlier email, Dan said

    >> Addressing Scott's point: the ID payload is woefully overloaded. We're
    >> trying to express SPD policy in it and that was not its original
    >> purpose.  If I remember correctly Steve Kent removed some selector
    >> types from the Architecture Draft because IKE was unable to express
    >> them. It would not only be nice to have lists of address ranges, it
    >> would be nice to express the "everything but" construct: "this SA is
    >> to be used for all TCP except port 80". But I'm not sure the poor ID
    >> payload is the place to do it.

    Scott> I think the general 'overload' argument may hinge on the fact that
    Scott> what's being represented in phase 1 by the ID payload is different
    Scott> than what's being represented in phase 2. While I think semantic

  Okay, I remember this discussion.
  Given this, I will change my opinion: we should leave the ID payload alone
and define a new payload for phase II in ISAKMP version 1.1. If we need to
define one or two additional payloads to solve actual problems that we
honestly have *now*, that is fine, but I think we should think about 
a better solution. Perhaps we need to wait for some of the Policy WG people
to advance a bit on admission policy to other things.

   :!mcr!:            |  Solidum Systems Corporation, http://www.solidum.com
   Michael Richardson |For a better connected world,where data flows faster<tm>
 Personal: mcr@sandelman.ottawa.on.ca (http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html). PGP key available.
 Corporate: mcr@solidum.com.




