[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Some comments to draft-ietf-ipsec-ikev2-00.txt
>>>>> "Charles" == Charles Lynn <clynn@bbn.com> writes:
>>> I think it would be better to change the format of subnet selectors
>>> to be IPVx_ADDRESS + Number of bits in the mask. It would remove the
>>> problems what to do when the other end proposes mask 0xff00ff00?
>>> (According to above it is completely valid :-)
Dan> A mask of 0xff00ff00 _is_ completely valid.
Michael> CIDR routing people would strongly disagree.
Charles> The format that the routing folk use to identify networks to be advertised
Charles> has little to do with what IPsec uses to identify systems that may use a
Charles> particular SA (other than both being aggregations of IP addresses). The
Charles> two have different requirements.
Maybe, but they use the same pieces of silicon.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
References: