
Re: compare-jfk-sigma.txt




>   That sounds great for outbound/initiator.
> 
>   How does one communicate selectors to the kernel of the responder?

Policy is what gets handed down to you by a person (or a system)
responsible for the security of the site or service you want to use
and which is protected by IPSEC.

One should be able to activate multiple policies for different
services at the same time. The combined policies form the IPSEC SPD.

It would be nice to have a common format for the policy transfer
format. The format must cope with the fact that a user may access
several independent services with different policies at the same time,
thus the format must be mergeable...

But, anyways, in my view, the policy is outside the key
negotiation. In the normal case there is never a need to communicate the
policies at this point.

-- 
Markku Savela <Markku.Savela@iki.fi>







