Re: per-host keying
>>>>> "Stephen" == Stephen Kent <kent@bbn.com> writes:
Stephen> At 8:37 PM -0400 7/14/01, Michael Richardson wrote:
>> Thanks for the responses. I figured that I was blind.
>>
>> Should 2401 be revised at some point, I suggest the words "per-host keying"
>> be added to 4.4.1 section (a).
Stephen> In revising 2401 I plan to reword the selector discussion
Stephen> extensively, to clarify this detail that, as you noted, is easily
Stephen> missed. However, I would not call it "per host keying" because it
Stephen> can be used to achieve finer granularity keying. Still, we can put
Stephen> in the phrase (to make it easy to search for) as part of the
Stephen> discussion.
I suggest just adding text like:
"This mode can not only be used to create per-host or per-port keyed
SAs, but also to create new SAs based upon unique values of any set of
selectors."
Anyway... thanks for all the pointers.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [