[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Addresses in traffic selectors in IKEv2

To: Mike Ditto <ford@incog.com>, kent@bbn.com
Subject: Re: Addresses in traffic selectors in IKEv2
From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Date: Tue, 19 Mar 2002 09:49:49 -0600
Cc: ipsec@lists.tislabs.com
In-Reply-To: <200203190130.RAA03604@potomac.incog.com>
References: <200203190130.RAA03604@potomac.incog.com>
Sender: owner-ipsec@lists.tislabs.com

At 5:30 PM -0800 3/18/02, Mike Ditto wrote:
>  > >There is no advantage to having multiple types in this case, so we should
>>  >ditch the less generic ones.
>  >
>>  Paul makes a good point.
>>
>>  Ranges can be used to express what masks can express and so we should
>>  probably do away with masks. We should also prohibit trivial ranges
>>  that define a single address.
>
>I disagree; that seems to miss Paul's point.  Ranges are necessary and
>sufficient, and an address set should be composed of a list of ranges.

Mike is correct: what I propose is that we use ranges *only* so that 
there is not two ways to express the same thing. If there are two 
ways to express the same thing, we lose interoperability.

--Paul Hoffman, Director
--VPN Consortium

Follow-Ups:
- Re: Addresses in traffic selectors in IKEv2
  - From: David Waitzman <djw@bbn.com>

References:
- Re: Addresses in traffic selectors in IKEv2
  - From: Mike Ditto <ford@incog.com>

Prev by Date: Re: Addresses in traffic selectors in IKEv2
Next by Date: Re: Addresses in traffic selectors in IKEv2
Prev by thread: Re: Addresses in traffic selectors in IKEv2
Next by thread: Re: Addresses in traffic selectors in IKEv2
Index(es):
- Date
- Thread