[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How are Initiator's Proposals checked by Responder?

To: <sleepy-cat@263.net>, <ipsec@lists.tislabs.com>, "Pravin Kantak" <pravin@intotoinc.com>
Subject: Re: How are Initiator's Proposals checked by Responder?
From: "Jari Arkko" <jari.arkko@kolumbus.fi>
Date: Thu, 20 Sep 2001 07:43:55 +0300
References: <5.0.0.25.0.20010919110308.022a3a90@192.168.1.10>
Sender: owner-ipsec@lists.tislabs.com


>         I want to know if rfc2367 has defined the behavior of the 
> responder in SA negotiation!
>         I only see the initiator's behavior is defined in 5.1 of rfc2367. 
> The proposals are passed from kernel to KMd using Message SADB_ACQUIRE. 
> When responder's KMd gets the proposals, how it communicates with kernel 
> to determine  which proposal is proper?

This is an issue that can be solved either by the duplication of traffic-level
policy information in both the kernel and user spaces, or by an extension
to PF_KEY. An extension that I once designed and reported in a now
expired internet draft can be found below:

http://www.piuha.net/~jarkko/publications/draft-arkko-pfkey-reference-00.txt

Jari

Follow-Ups:

Re: How are Initiator's Proposals checked by Responder?

From: Bill Sommerfeld <sommerfeld@East.Sun.COM>

References:

Re: How are Initiator's Proposals checked by Responder?

From: Pravin Kantak <pravin@intotoinc.com>

Prev by Date: ESP and AH questions
Next by Date: cisco rsa key - openssl read
Next by thread: Re: inbound vs outbound?
Index(es):
- Main
- Thread