Re: phase 2 and ports
On Mon, 26 Jun 2000, Jari Arkko wrote:
> Jan Vilhuber wrote:
>
> > Here's the problem: Some protocols float ports (example l2tp, ftp, h.323, to
> > name a few). Other protocols a priori use more than one port (can't think of
>
> This is a real problem.
>
> Maybe we could come up with an API or a protocol to enable applications
> to control security services in the manner you propose.
Does anyone remember the draft titled:
draft-mcdonald-simple-ipsec-api-01.txt
It has long since expired and I don't recall giving it more than a casual glance
at the time, but I am wondering whether there was anything useful in this draft
to use as a starting point for such an API.
If someone still has a copy of this sitting around, please send it to me.
-Skip
>
> >a) port-ranges would be useful for applications that know a priori what
>
> I remember in the last IETF Steven Bellovin gave a talk about a similar
> problem for SCTP (one of the signaling protocols). There the problem was
> with several IP addresses. If somebody's going to extend ID payloads,
> such extensions should cover both issues.
>
> > ports they are going to use. On a side note, it's always kind of bothered
> > me that we need 2 ID payloads. I assume this is so we can reuse the ID
>
> Isn't this because, say, L2TP client has a wildcard port number and
> the server a fixed one?
>
> Jari
>
>