
Re: phase 2 and ports





On Mon, 26 Jun 2000, Jari Arkko wrote:

> Jan Vilhuber wrote:
> 
> > Here's the problem: Some protocols float ports (example l2tp, ftp, h.323, to
> > name a few). Other protocols a priori use more than one port (can't think of
> 
> This is a real problem.
> 
> Maybe we could come up with an API or a protocol to enable applications
> to control security services in the manner you propose. 

Does anyone remember the draft titled:

draft-mcdonald-simple-ipsec-api-01.txt

It has long since expired and I don't recall giving it more than a casual glance
at the time, but I am wondering whether there was anything useful in this draft
to use as a starting point for such an API.

If someone still has a copy of this sitting around, please send it to me.

-Skip

> 
> >a) port-ranges would be useful for applications that know a priori what
> 
> I remember in the last IETF Steven Bellovin gave a talk about a similar
> problem for SCTP (one of the signaling protocols). There the problem was
> with several IP addresses. If somebody's going to extend ID payloads,
> such extensions should cover both issues.
> 
> >    ports they are going to use. On a side note, it's always kind of bothered
> >    me that we need 2 ID payloads. I assume this is so we can reuse the ID
> 
> Isn't this because, say, L2TP client has a wildcard port number and
> the server a fixed one?
> 
> Jari
> 
> 


