
Re: IPv6 in the IPSec MIB



I presume that the RFC for IPV6-TC is pending in the RFC Editor queue,
which is obviously delayed...

I suppose one approach to this would be to use Ipv6Address everywhere
where an address is in the MIB.  IPv4 addresses would be represented
as the "canonical" mapping to IPv6.  That is, 10.0.0.51 would be
0:0:0:0:0:FFFF:10.0.0.51.

Of course, that raises the issue whether SA's really are allowed to be
mapped that way.  That is, is the SA with IPv4 address 10.0.0.51 and
SPI 1 the same as the SA with IPv6 address 0:0:0:0:0:FFFF:10.0.0.51
and SPI 1?  Certainly such a pairing would never work for AH, as the
translation of the header packet from IPv4 to IPv6 could corrupt the
AH prf() value.

We need an authoritative answer to whether the SA naming space is IPv4
as a subset of IPv6, or totally skew between IPv4 and IPv6.  Then we
can make the MIB match it.

I don't see TDomain/TAddress as working for this, since these are just
addresses, not addresses with UDP ports.  (At least in the SA's.)
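The two SA naming spaces the message asks about, as an added example that is not part of the original message: rows keyed on (address, SPI) with IPv4 stored in Ipv6Address form, versus rows kept separate by address family. The SA labels, the 2001:db8::51 address and all function names are constructed for illustration.

```python
import ipaddress

def to_ipv6_octets(addr: str) -> bytes:
    """16-octet value an Ipv6Address column would hold.

    IPv4 input is stored as the mapped form 0:0:0:0:0:FFFF:a.b.c.d.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return b"\x00" * 10 + b"\xff\xff" + ip.packed
    return ip.packed

def key_unified(addr: str, spi: int):
    # Naming space where IPv4 is a subset of IPv6: one address column.
    return (to_ipv6_octets(addr), spi)

def key_disjoint(addr: str, spi: int):
    # Naming space where IPv4 and IPv6 are separate: family is part of the key.
    ip = ipaddress.ip_address(addr)
    return (ip.version, ip.packed, spi)

def build_table(sas, key_fn):
    """Index SAs by key_fn; return (row_count, list of colliding label pairs)."""
    table, collisions = {}, []
    for label, addr, spi in sas:
        key = key_fn(addr, spi)
        if key in table:
            collisions.append((table[key], label))
        else:
            table[key] = label
    return len(table), collisions

# Constructed sample SAs: (label, address, SPI), following the message's
# (address, SPI) pairing.
SAMPLE_SAS = [
    ("sa-v4", "10.0.0.51", 1),
    ("sa-mapped", "0:0:0:0:0:FFFF:10.0.0.51", 1),
    ("sa-v6", "2001:db8::51", 1),
]

if __name__ == "__main__":
    for name, fn in (("unified", key_unified), ("disjoint", key_disjoint)):
        rows, clashes = build_table(SAMPLE_SAS, fn)
        print(f"{name}: {rows} rows, collisions={clashes}")
```

With a single Ipv6Address column the first two SAs collapse into one row, so the MIB can only use that layout if the SA naming space really treats them as the same SA.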


