
Re: Simplifying IKE (was RE: Reliable delete notifies)



  
>Secure multicast will require a different key exchange not just a
>different DOI.


Page 15 of RFC 2408 reads:
"
    services.  A DOI defines:

     o  A "situation":  the set of information that will be used to
        determine the required security services.

     o  The set of security policies that must, and may, be supported.

     o  A syntax for the specification of proposed security services.

     o  A scheme for naming security-relevant information, including
        encryption algorithms, key exchange algorithms, security policy
        attributes, and certificate authorities.

     o  The specific formats of the various payload contents.

     o  Additional exchange types, if required.
"
Thus, a DOI defines new exchanges.  So what does it mean that multicast will require a new key exchange (not just a new DOI) when one of the Internet Standards-track specs says it can be extended with new exchanges?  It is a problem that both RFC 2408 and RFC 2409 claim to support DOIs.  Does one use RFC 2408 to define a new DOI or RFC 2409?


Mark
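The wire-format side of the question, as an added example that is not part of the original message or of any IKE implementation: RFC 2408 puts the Exchange Type in the fixed ISAKMP header and reserves values 32-239 for "DOI Specific Use", while the DOI itself is named only inside the Security Association payload. RFC 2409 then defines Quick Mode (32) and New Group Mode (33) in that DOI-specific range, under the IPsec DOI value 1 from RFC 2407. The parser below decodes both fields and shows that an exchange number in the 32-239 range cannot be named without knowing the DOI. The messages are constructed inline (not captured traffic), the DOI value 0xFFFF is a hypothetical one used only to show the lookup depend on the DOI, and the Quick Mode body is a placeholder for ciphertext.

```python
"""Decode the ISAKMP fixed header (RFC 2408 section 3.1) and the DOI
carried by a leading SA payload (RFC 2408 section 3.4).  Added example
for this thread, not code from the original post or from any IKE
implementation.  Sample messages are constructed, not captured."""
import struct

# RFC 2408 section 3.1: exchange types defined by ISAKMP itself.
# 6-31 are reserved to ISAKMP, 32-239 are "DOI Specific Use", 240-255 private.
ISAKMP_EXCHANGE_TYPES = {0: "NONE", 1: "Base", 2: "Identity Protection",
                         3: "Authentication Only", 4: "Aggressive",
                         5: "Informational"}

# RFC 2407 gives the IPsec DOI the value 1; RFC 2409 Appendix A places
# its own exchanges in the DOI-specific range of that DOI.
IPSEC_DOI = 1
IPSEC_DOI_EXCHANGES = {32: "Quick Mode", 33: "New Group Mode"}
SIT_IDENTITY_ONLY = 0x01

PAYLOAD_NONE, PAYLOAD_SA, PAYLOAD_HASH = 0, 1, 8
HEADER_LEN = 28
FLAG_ENCRYPTION = 0x01
HDR_FMT = "!8s8sBBBBII"   # cookies, next payload, version, exch, flags, msgid, length


def parse_header(msg):
    """Return the fixed ISAKMP header as a dict; reject truncated or mis-sized input."""
    if len(msg) < HEADER_LEN:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, nxt, ver, exch, flags, msgid, length = \
        struct.unpack(HDR_FMT, msg[:HEADER_LEN])
    if length != len(msg):
        raise ValueError("Length field %d does not match %d bytes received" % (length, len(msg)))
    return {"initiator_cookie": icookie, "responder_cookie": rcookie,
            "next_payload": nxt, "version": (ver >> 4, ver & 0x0F),
            "exchange_type": exch, "flags": flags, "message_id": msgid,
            "length": length}


def parse_sa_doi(msg, hdr):
    """Return (DOI, Situation) from a leading, unencrypted SA payload, else None."""
    if hdr["next_payload"] != PAYLOAD_SA or hdr["flags"] & FLAG_ENCRYPTION:
        return None
    off = HEADER_LEN
    if off + 12 > len(msg):
        raise ValueError("SA payload truncated")
    _nxt, _reserved, plen = struct.unpack("!BBH", msg[off:off + 4])
    if plen < 12 or off + plen > len(msg):
        raise ValueError("bad SA payload length %d" % plen)
    doi, situation = struct.unpack("!II", msg[off + 4:off + 12])
    return doi, situation


def exchange_name(exch, doi):
    """Name an exchange type; in 32-239 the name depends on the DOI."""
    if exch in ISAKMP_EXCHANGE_TYPES:
        return "ISAKMP " + ISAKMP_EXCHANGE_TYPES[exch]
    if 6 <= exch <= 31:
        return "reserved for ISAKMP future use"
    if 240 <= exch <= 255:
        return "private use"
    if doi == IPSEC_DOI and exch in IPSEC_DOI_EXCHANGES:
        return "IPsec DOI " + IPSEC_DOI_EXCHANGES[exch]
    return "DOI-specific exchange %d under DOI %s" % (exch, doi)


def describe(msg, doi_from_phase1=None):
    """Decode one message; an encrypted phase 2 message takes its DOI from the phase 1 SA."""
    hdr = parse_header(msg)
    sa = parse_sa_doi(msg, hdr)
    doi = sa[0] if sa else doi_from_phase1
    return {"exchange_type": hdr["exchange_type"], "doi": doi,
            "name": exchange_name(hdr["exchange_type"], doi)}


def sa_payload(doi, situation):
    """Minimal SA payload: generic header, DOI, Situation, no proposals (constructed)."""
    return struct.pack("!BBHII", PAYLOAD_NONE, 0, 12, doi, situation)


def build_message(exch, msgid, flags, next_payload, body):
    """Fixed header (version 1.0, constructed cookies) followed by body."""
    length = HEADER_LEN + len(body)
    return struct.pack(HDR_FMT, b"\x01" * 8, b"\x00" * 8, next_payload,
                       0x10, exch, flags, msgid, length) + body


# Constructed samples: Main Mode message 1 (Identity Protection, phase 1, message ID 0),
# an encrypted Quick Mode message (placeholder ciphertext), and an exchange 32 under a
# hypothetical DOI 0xFFFF that is not assigned to anything on this page.
MAIN_MODE_1 = build_message(2, 0, 0, PAYLOAD_SA, sa_payload(IPSEC_DOI, SIT_IDENTITY_ONLY))
QUICK_MODE_1 = build_message(32, 0xA5A5A5A5, FLAG_ENCRYPTION, PAYLOAD_HASH, b"\x00" * 16)
OTHER_DOI_32 = build_message(32, 1, 0, PAYLOAD_SA, sa_payload(0xFFFF, SIT_IDENTITY_ONLY))

if __name__ == "__main__":
    print(describe(MAIN_MODE_1))
    print(describe(QUICK_MODE_1, doi_from_phase1=IPSEC_DOI))
    print(describe(QUICK_MODE_1))
    print(describe(OTHER_DOI_32))
```

Running it shows the same header byte, 32, resolving to "IPsec DOI Quick Mode" only when the DOI is known from the phase 1 SA, and to an unnamed DOI-specific exchange otherwise; which is the practical form of the question above about where a DOI's exchanges are defined.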


