Re: Simplifying IKE (was RE: Reliable delete notifies)
>Secure multicast will require a different key exchange not just a
>different DOI.
Page 15 of RFC 2408 reads:
"
services. A DOI defines:
o A "situation": the set of information that will be used to
determine the required security services.
o The set of security policies that must, and may, be supported.
o A syntax for the specification of proposed security services.
o A scheme for naming security-relevant information, including
encryption algorithms, key exchange algorithms, security policy
attributes, and certificate authorities.
o The specific formats of the various payload contents.
o Additional exchange types, if required.
"
Thus, a DOI defines new exchanges. So what does it mean that multicast will require a new key exchange (not just a new DOI) when one of the Internet Standards-track specs says it can be extended with new exchanges? It is a problem that both RFC 2408 and RFC 2409 claim to support DOIs. Does one use RFC 2408 to define a new DOI or RFC 2409?
Mark