[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IKE proposal formation

	No sir Key Management ( IKE ) has to concern with SA bundles because IKE has to set the proposal
	number accordingly .Hope you agree the function of proposal number as stated in ISAKMP 2408.By
	the way what is mailing list for PF_KEY 

:Markku.Savela@research.nokia.com] wrote :

> You can't. PF_KEY does not support bundles. Oh, there's been
> discussion about
> fixing that on the PF_KEY list but right now it does not
> exist. For one of the ideas on
> how to do it, see

Also, I wish to point out (again) that IPSEC (as per RFC-2401) works 100%
fine without any support for bundles from the the key management. The need
to add "bundles" into PFKEY is a pure IKE artifact, not required by the
IPSEC itself. (As I have tried to say several times on this mailing list,
key management should just negotiate keys, it does not need to concern
itself with the policy and bundles at all).