[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on jfk and ikev2 drafts

To: ipsec@lists.tislabs.com
Subject: Re: comments on jfk and ikev2 drafts
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Wed, 12 Dec 2001 16:39:37 -0700
In-reply-to: Your message of "Wed, 12 Dec 2001 16:16:33 MST." <Pine.LNX.4.21.0112121615190.582-100000@localhost>
Sender: owner-ipsec@lists.tislabs.com

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Jan" == Jan Vilhuber <vilhuber@cisco.com> writes:
    mcr> As far as I can tell, neither proposal yet explains to me how to *add* new
    mcr> traffic to an existing IPsec SA without rekeying it. 

    Jan> I wasn't aware it was supposed to, although it's a feature of huge personal
    Jan> interest. Is there some text in the drafct I missed? Can you point it out?

  The key is that the protocol has some way to establish a new SA
independantly of setting the traffic selectors. Perhaps Cheryl can add a
section to her draft about selectors and adding/subtracting of selectors.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
  
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys

iQCVAwUBPBfqt4qHRg3pndX9AQEnSAQApoYfO2nZHrM/tQHs9Cpt66NWxqBhP8VP
vF9pnY5VPq0q2o/I++ISHeEHV7D6Z4dA7KtLj1MAQiW3SmQkDuUytQjIeQVYhBHH
HnVpqhtyxIS5qks3ulxoMqjZ18xwXt08lhFUS96Q1DQn/svIkvwLp9jKsnOLBOk/
T1XAKolJ/tE=
=n/TB
-----END PGP SIGNATURE-----

References:

Re: comments on jfk and ikev2 drafts

From: Jan Vilhuber <vilhuber@cisco.com>

Prev by Date: Re: comments on jfk and ikev2 drafts
Next by Date: fragmentation
Prev by thread: Re: comments on jfk and ikev2 drafts
Next by thread: Re: comments on jfk and ikev2 drafts
Index(es):
- Main
- Thread