
Re: Protection of port 500



On Mon, Jan 15, 2001 at 12:44:06PM -0800, Pervaiz Rizvi wrote:

 > Do you mean IPsec implementations silently
 > ignore the configured policy to protect
 > udp/500 with IPsec?

No, I meant precisely what I said.

As you seem to be already aware, you can't exactly use ESP to protect
IKE transactions because IKE is used to exchange keys for ESP.  Therefore,
the IKE daemon needs to override the system-wide policy for the sockets
it creates and use some other mechanism to protect its transactions.

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>
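As an added illustration (not code from this thread, from NetBSD/KAME, or from any IKE daemon), the per-socket override described above looks like this on Linux, where the socket option is IP_XFRM_POLICY; the KAME stack the poster is working with exposes the same idea as IP_IPSEC_POLICY. Everything else here (the function names, the choice of IPv4 only, the main()) is my own construction. An ALLOW policy with no transform templates appended is what the kernel treats as "bypass", and a socket policy is consulted before the system-wide SPD, so the IKE daemon's own packets leave in the clear even when the SPD says "require ESP" for the peer.

```c
/* ike_bypass.c - per-socket IPsec bypass for an IKE daemon's UDP/500 socket.
 * Added example; assumes Linux (IP_XFRM_POLICY from <netinet/in.h>,
 * struct xfrm_userpolicy_info from <linux/xfrm.h>). */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <linux/xfrm.h>

#define IKE_PORT 500

/* Build a socket-level policy that says "apply no IPsec transform" in one
 * direction (XFRM_POLICY_IN or XFRM_POLICY_OUT).  The selector is left as a
 * wildcard (family only, prefixlen 0, no ports) so it matches every flow on
 * the socket.  ALLOW with zero xfrm_user_tmpl entries appended is a bypass. */
static struct xfrm_userpolicy_info build_bypass_policy(unsigned char dir)
{
    struct xfrm_userpolicy_info pol;
    memset(&pol, 0, sizeof pol);
    pol.sel.family = AF_INET;           /* kernel rejects AF_UNSPEC here */
    pol.dir = dir;
    pol.action = XFRM_POLICY_ALLOW;     /* no templates follow => bypass */
    pol.lft.soft_byte_limit = XFRM_INF; /* never expire the policy */
    pol.lft.hard_byte_limit = XFRM_INF;
    pol.lft.soft_packet_limit = XFRM_INF;
    pol.lft.hard_packet_limit = XFRM_INF;
    return pol;
}

/* Attach the bypass for one direction.  Returns 0, or errno on failure
 * (EPERM when the caller lacks CAP_NET_ADMIN). */
static int set_bypass(int fd, unsigned char dir)
{
    struct xfrm_userpolicy_info pol = build_bypass_policy(dir);
    if (setsockopt(fd, IPPROTO_IP, IP_XFRM_POLICY, &pol, sizeof pol) < 0)
        return errno;
    return 0;
}

/* Create the daemon's UDP socket and override the system-wide SPD on it in
 * both directions before binding.  Returns the fd, or -1 with errno set;
 * *bypass_err receives the result of the override so the caller can refuse
 * to run without it (an IKE daemon whose own packets get dropped or, worse,
 * sent under a policy that can never be satisfied is useless). */
int open_ike_socket(const char *addr, unsigned short port, int *bypass_err)
{
    struct sockaddr_in sin;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;

    *bypass_err = set_bypass(fd, XFRM_POLICY_IN);
    if (*bypass_err == 0)
        *bypass_err = set_bypass(fd, XFRM_POLICY_OUT);

    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (inet_pton(AF_INET, addr, &sin.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) {
        int e = errno;
        close(fd);
        errno = e;
        return -1;
    }
    return fd;
}

int main(void)
{
    int bypass_err = 0;
    int fd = open_ike_socket("127.0.0.1", IKE_PORT, &bypass_err);
    if (fd < 0) {
        perror("open_ike_socket");
        return 1;
    }
    if (bypass_err)
        printf("IPsec bypass not applied: %s\n", strerror(bypass_err));
    else
        printf("udp/%d socket bypasses the system SPD in both directions\n", IKE_PORT);
    close(fd);
    return 0;
}
```

Both the bind to 500 and the IP_XFRM_POLICY call need privilege (CAP_NET_BIND_SERVICE and CAP_NET_ADMIN respectively), so run it as root to see the override take effect; unprivileged it reports EPERM from setsockopt. Note that this only makes the daemon's traffic leave the IPsec policy; the "some other mechanism" in the message above is IKE's own authentication and encryption of its payloads, which this socket option does nothing to provide.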

