[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKE should not do policy [Re: Query : PF_KEY related]

To: <msa@hemuli.tte.vtt.fi>, <Jari.Arkko@lmf.ericsson.se>
Subject: Re: IKE should not do policy [Re: Query : PF_KEY related]
From: "Hilarie Orman" <horman@novell.com>
Date: Mon, 11 Dec 2000 11:16:54 -0700
Cc: <ipsec@lists.tislabs.com>, <ipsec-policy@vpnc.org>
Sender: owner-ipsec@lists.tislabs.com

The IPSP WG has several drafts relating to discovery and negotiation of IPSec
Policy.  In general, IKE cannot always make an offer that will result in
establishing an SA, even when the parties involved have mutually acceptable
policies.  The problem is exacerbated when multiple gateways are involved.
IPSP was created to solve this problem.

Other IPSP drafts relate to the information model for representing
configuration policy and its instantiation for specific repositories,
such as COPS.

Commentary on the IPSP drafts by hardcore IPSec'ers is welcome.

Hilarie
IPSP co-chair

Prev by Date: RE: IPv6 Neighbour Solicitation messages and IPsec
Next by Date: Re: Give me a example to test AH header!
Prev by thread: Re: Give me a example to test AH header!
Next by thread: Proposal in IKE and IP packet format
Index(es):
- Main
- Thread