[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKE v2 Requirements and backwards compatability

To: "Scott Fanning" <sfanning@cisco.com>
Subject: Re: IKE v2 Requirements and backwards compatability
From: Michael Thomas <mat@cisco.com>
Date: Tue, 18 Dec 2001 13:41:27 -0800 (PST)
Cc: "Henry Spencer" <henry@spsystems.net>, "IETF-IPSec" <ipsec@lists.tislabs.com>
In-Reply-To: <004101c1875d$802d1130$7480ad40@sfanninglaptop>
References: <Pine.BSI.3.91.1011217193344.7263b-100000@spsystems.net><004101c1875d$802d1130$7480ad40@sfanninglaptop>
Sender: owner-ipsec@lists.tislabs.com

Scott Fanning writes:
 > So, whatever we do, the next protocol will have to use a different UDP port?
 > Should that be a requirement, or is that too protocol specific?

   Dan felt pretty strongly that KINK should be on a
   different port. I suspect that many of his reasons
   apply here as the protocols being described only
   bear a passing resemblance to IKEv1. It may also
   be worthwhile to consider that one might want to
   shield via access control the various IPsec key
   management schemes from gateways and/or clients.

		      Mike

References:

Re: IKE v2 Requirements and backwards compatability

From: Henry Spencer <henry@spsystems.net>

Re: IKE v2 Requirements and backwards compatability

From: "Scott Fanning" <sfanning@cisco.com>

Prev by Date: RE: IKEv2 traffic selector subsetting.
Next by Date: Re: IKE v2 Requirements and backwards compatability
Prev by thread: Re: IKE v2 Requirements and backwards compatability
Next by thread: Re: IKE v2 Requirements and backwards compatability
Index(es):
- Main
- Thread