
Re: phase 2 and ports



Jan Vilhuber wrote:

> Here's the problem: Some protocols float ports (example l2tp, ftp, h.323, to
> name a few). Other protocols a priori use more than one port (can't think of

This is a real problem.

Maybe we could come up with an API or a protocol to enable applications
to control security services in the manner you propose. 

>a) port-ranges would be useful for applications that know a priori what

I remember in the last IETF Steven Bellovin gave a talk about a similar
problem for SCTP (one of the signaling protocols). There the problem was
with several IP addresses. If somebody's going to extend ID payloads,
such extensions should cover both issues.

>    ports they are going to use. On a side note, it's always kind of bothered
>    me that we need 2 ID payloads. I assume this is so we can reuse the ID

Isn't this because, say, the L2TP client has a wildcard port number and
the server a fixed one?

Jari
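To make the wildcard-versus-fixed-port point concrete, here is an added Python model of a pair of Phase 2 ID payloads (IDci/IDcr) acting as traffic selectors; it is illustrative code written for this archive page, not anything posted in the thread. It assumes the IKEv1 convention that port 0 means "any port", adds a hypothetical port-range form (port_lo/port_hi) of the kind the thread proposes, and uses constructed documentation addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = 0   # IKEv1 ID payload convention: port 0 = wildcard
ANY_PROTO = 0  # protocol 0 = any protocol


@dataclass(frozen=True)
class Selector:
    """One Phase 2 ID payload used as a traffic selector.

    A standard ID payload carries one port (port_lo == port_hi, or 0 for any).
    port_lo < port_hi models the port-range extension discussed in the thread;
    that range form is an assumption, not existing IKEv1 syntax.
    """
    net: str                   # address or subnet, e.g. "192.0.2.10/32"
    proto: int = ANY_PROTO     # IP protocol number (17 = UDP, 6 = TCP)
    port_lo: int = ANY_PORT
    port_hi: int = ANY_PORT

    def matches(self, addr: str, proto: int, port: int) -> bool:
        if ip_address(addr) not in ip_network(self.net, strict=False):
            return False
        if self.proto != ANY_PROTO and proto != self.proto:
            return False
        if self.port_lo == ANY_PORT:      # wildcard: any port is acceptable
            return True
        return self.port_lo <= port <= self.port_hi


def sa_covers(id_i: Selector, id_r: Selector,
              src: str, dst: str, proto: int, sport: int, dport: int) -> bool:
    """True if a packet falls under the SA negotiated with this IDci/IDcr pair.

    Two ID payloads are needed because each side of the flow has its own
    address/port constraint: the client side is usually a wildcard port,
    the server side a fixed one.
    """
    return id_i.matches(src, proto, sport) and id_r.matches(dst, proto, dport)


# Constructed example: L2TP over UDP, client with wildcard port, server on 1701.
L2TP_CLIENT = Selector("192.0.2.10/32", proto=17)
L2TP_SERVER = Selector("198.51.100.5/32", proto=17, port_lo=1701, port_hi=1701)

if __name__ == "__main__":
    # Ephemeral client port 49152 -> server 1701 is covered; 1702 is not.
    print(sa_covers(L2TP_CLIENT, L2TP_SERVER,
                    "192.0.2.10", "198.51.100.5", 17, 49152, 1701))
```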

