
Re: per-host keying




 >>>>> "Stephen" == Stephen Kent <kent@bbn.com> writes:
     Stephen> At 8:37 PM -0400 7/14/01, Michael Richardson wrote:
     >> Thanks for the responses. I figured that I was blind.
     >> 
     >> Should 2401 be revised at some point, I suggest the words "per-host keying"
     >> be added to 4.4.1 section (a).

     Stephen> In revising 2401 I plan to reword the selector discussion 
     Stephen> extensively, to clarify this detail that, as you noted, is easily 
     Stephen> missed.  However, I would not call it "per host keying" because it 
     Stephen> can be used to achieve finer granularity keying.  Still, we can put 
     Stephen> in the phrase (to make it easy to search for) as part of the 
     Stephen> discussion.

   I suggest just adding text like:
     "This mode can not only be used to create per-host or per-port keyed
     SAs, but also to create new SA based upon unique values of any set of
     selectors."

   Anyway... thanks for all the pointers.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [


	
     




