
Re: compare-jfk-sigma.txt



Hmm..

Does JFK do policy or not? A quick read through the draft didn't make
it quite clear.

Seeing some selector payloads introduced in IKE2, I think this is
a totally wrong direction. Key negotiation does not need the selectors
(and old IKE should not have tried to use id payloads to pass
selector/policy type information).

If Key negotiation protocol is open for new ideas, I would strongly
prefer a key negotiation that only negotiates one directional SA as
requested by the kernel side of the IPSEC (in my case, key management
is provided with the information about the required SA via PFKEYv2
ACQUIRE message). It does not need to know about selectors, it does
not need to know even if the SA is for tunnel or transport mode! Also,
note that key management doesn't need to care about bundles either!

If JFK fulfills this wish, I would be very interested to get an
implementation into Symbian EPOC OS :-). The kernel side supports
functionality of PFKEYv2.

-- 
Markku Savela <Markku.Savela@iki.fi>





