[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Some comments to draft-ietf-ipsec-ikev2-00.txt

To: ipsec@lists.tislabs.com
Subject: Re: Some comments to draft-ietf-ipsec-ikev2-00.txt
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Tue, 11 Dec 2001 12:57:17 -0700
In-reply-to: Your message of "Tue, 11 Dec 2001 11:19:06 EST." <200112111619.LAA07109@wolfe.bbn.com>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Charles" == Charles Lynn <clynn@bbn.com> writes:
    >>> I think it would be better to change the format of subnet selectors
    >>> to be IPVx_ADDRESS + Number of bits in the mask. It would remove the
    >>> problems what to do when the other end proposes mask 0xff00ff00?
    >>> (According to above it is completely valid :-)
    Dan> A mask of 0xff00ff00 _is_ completely valid.
    Michael> CIDR routing people would strongly disagree.

    Charles> The format that the routing folk use to identify networks to be advertised
    Charles> has little to do with what IPsec uses to identify systems that may use a
    Charles> particular SA (other than both being aggregations of IP addresses).  The
    Charles> two have different requirements.

  Maybe, but they use the same pieces of silicon.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

References:

Re: Re: Some comments to draft-ietf-ipsec-ikev2-00.txt

From: Charles Lynn <clynn@bbn.com>

Prev by Date: Re: comments on jfk and ikev2 drafts
Next by Date: RE: IKEv2 and SIGMA
Prev by thread: Re: Re: Some comments to draft-ietf-ipsec-ikev2-00.txt
Next by thread: RE: Some comments to draft-ietf-ipsec-ikev2-00.txt
Index(es):
- Main
- Thread