[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IKE should not do policy [Re: Query : PF_KEY related]
The IPSP WG has several drafts relating to discovery and negotiation of IPSec
Policy. In general, IKE cannot always make an offer that will result in
establishing an SA, even when the parties involved have mutually acceptable
policies. The problem is exacerbated when multiple gateways are involved.
IPSP was created to solve this problem.
Other IPSP drafts relate to the information model for representing
configuration policy and its instantiation for specific repositories,
such as COPS.
Commentary on the IPSP drafts by hardcore IPSec'ers is welcome.