
Re: compare-jfk-sigma.txt



On Sat, 8 Dec 2001, Markku Savela wrote:
> >   That sounds great for outbound/initiator.
> >   How does one communicate selectors to the kernel of the responder?
> 
> Policy is what gets handed down to you by a person (or a system)
> responsible for the security of the site or service you want to use
> and which is protected by IPSEC.

Assuming that both you and the site/service you want to use are under
the same administration.  Which is by no means universally true.

There is also the desirability of checking for errors.  Even under a
common administration, just because the two ends are *supposed* to agree
on security policy does not mean they do, and a silent failure of
agreement can result in no communication and no clear indication of why. 

                                                          Henry Spencer
                                                       henry@spsystems.net


