[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Selector fields for ICMP in Arch doc

To: ipsec-errors@sandelman.ottawa.on.ca
Subject: Re: Selector fields for ICMP in Arch doc
From: Stephen Kent <kent@bbn.com>
Date: Tue, 24 Nov 1998 13:14:10 -0500
Cc: ipsec@tis.com, ipsec-errors@sandelman.ottawa.on.ca
In-Reply-To: <199811161641.LAA23421@venus.solidum.com>
Sender: owner-ipsec@ex.tis.com

Michael,

>  One point that I think ICMP group is unanimous is that the SPD/SAD support
>for ICMP. We feel that it should be extended to include ICMP type and code
>fields as selectors.
>
>  Matt Crawford has suggested that since the architecture document provides
>a minimum set, the IPv6 people can impose additional requirements if they
>need.
>  The question is do we want to make these an item for the IPv4 Standard's
>Arch document? I suggest that the text read like:
>	"An implementation MAY support ICMP as a selector for the SAD. If an
>	implementation does support ICMP, then it MUST support both ICMP
>	type and code as selectors"
>
>  Stephen? What say you?

I agree that we should extend the architecture doc to include selectors for
ICMP processing, as part of a more comprehensive ICMP processing
description, under IPsecond.

>  This has ramifications for IKE as well: however, if you consider type/code
>to be a 16 bit item, you might pretend that it is the "port" field. I suggest
>that type be made the MSB and code the LSB.
>
>  [do we have RFCs yet???? Do we even have numbers?]

Yes, the numbers are 2401-2412.  Jon assigned them prior to his death, to
allow us to cite them appropriately in a National Reserach Council report
that Bellovin and I worked on.

Steve

References:

Selector fields for ICMP in Arch doc

From: Michael Richardson <mcr@solidum.com>

Prev by Date: Re: ISAKMP Extended Authentication
Next by Date: Standard APIs for ISAKMP
Prev by thread: Selector fields for ICMP in Arch doc
Next by thread: IPSECond
Index(es):
- Main
- Thread