[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

LDAP draft problem...

To: ipsec@tis.com
Subject: LDAP draft problem...
From: Dan McDonald <danmcd@Eng.Sun.Com>
Date: Mon, 12 Oct 1998 10:17:16 -0700 (PDT)
Sender: owner-ipsec@ex.tis.com

You've missed something important...

> NAME      SourceIPAddressRange
> DESC      Source IP addresses to which the policy applies
> EQUALITY caseExactIA5Match
> SYNTAX    IA5String
> SINGLE-VALUED
> FORMAT    SourceIPAddressRange is of the following form: three colon (':')
>           separated strings denoting a range of IP addresses. The
>           following formats are currently defined
> 
> 
>           1:<IPv4Address>:<CIDRPrefixLength>
>                   The IP v4 address is in dotted decimal format. The
>                   CIDRPrefixLength is the number of unmasked leading bits.
>                   A packet matches the condition if the unmasked
>                   bits on the packet are identical to the unmasked bits on the
>                   condition.
> 
> 
>           2:<IPv4Address>:<IPv4Address>

<SNIP!>

What about IPv6 addresses?  Using a colon as a separator will break in the
presence of IPv6 addresses.  I don't even see IPv6 addressed in this document
at all.

Dan

Prev by Date: Lifetime mismatch during phase1
Next by Date: Re: comments on VPN framework document
Prev by thread: Lifetime mismatch during phase1
Next by thread: Where have you put your IPSEC?
Index(es):
- Main
- Thread