Re: Getting focus for son-of-IKE

[Ari Huttunen <Ari.Huttunen@F-Secure.com>]

Scott Kelly wrote:
> 
> Stephen Kent wrote:
> >
> > Paul,
> >
> > I generally like your analysis for IKE, but I would also like to
> > suggest that there may be a few "added functions" that should be on
> > the list.  For example, we stripped out several negotiation features
> > for phase II which had been supported in the SPD, e.g., port ranges
> > or lists vs. individual port numbers.  I'd like to see these added
> > back.
> >
> > Steve
> 
> I agree with Steve. In general, I would like to see a more comprehensive
> selector specification mechanism in IKE.
> 
> Scott

Definitely, if possible! We, like many others, support firewall functionality,
and can specify allowed traffic very finely in terms of local / remote port
numbers. Since these cannot be specified in IKE, the end result is potentially
very confusing for customers.

Ari

-- 
Ari Huttunen                   phone: +358 9 859 900
Senior Software Engineer       fax  : +358 9 8599 0452

F-Secure Corporation       http://www.F-Secure.com 

F-Secure products: Integrated Solutions for Enterprise Security

---

References:

• Getting focus for son-of-IKE
• From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
• Re: Getting focus for son-of-IKE
• From: Stephen Kent <kent@bbn.com>
• Re: Getting focus for son-of-IKE
• From: Scott Kelly <skelly@redcreek.com>

---

• Prev by Date: Re: I-D ACTION:draft-ietf-ipsec-ike-modp-groups-00.txt
• Next by Date: Re: I-D ACTION:draft-ietf-ipsec-ike-modp-groups-00.txt
• Prev by thread: Re: Getting focus for son-of-IKE
• Next by thread: Re: Getting focus for son-of-IKE
• Index(es):
  • Main
  • Thread