[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Don't remove TS from IKEv2

To: sommerfeld@east.sun.com
Subject: Re: Don't remove TS from IKEv2
From: Mike Ditto <ford@incog.com>
Date: Wed, 20 Mar 2002 14:41:16 -0800 (PST)
CC: mshieh@netscreen.com, ipsec@lists.tislabs.com
In-reply-to: <200203202028.g2KKSpgw013737@thunk.East.Sun.COM> (message fromBill Sommerfeld on Wed, 20 Mar 2002 15:28:51 -0500)
Sender: owner-ipsec@lists.tislabs.com

> > Besides, how do you decide if tunnel can be created 
> 
> two words:
> 
> "transport mode"

I'm sure Michael meant tunnel in the generic sense, not in the
encapsulation sense.  The point is that SOI should negotiate keys and
SAs, but since each endpoint already has a policy that it must apply
on every packet anyway, we don't need key management also to give
policy refinements.  Additionally, no existing or proposed traffic
selector notation can describe all commonly used services.

					-=] Mike [=-

Follow-Ups:
- Re: Don't remove TS from IKEv2
  - From: Bill Sommerfeld <sommerfeld@east.sun.com>
- Re: Don't remove TS from IKEv2
  - From: Derek Atkins <warlord@mit.edu>

References:
- Re: Don't remove TS from IKEv2
  - From: Bill Sommerfeld <sommerfeld@east.sun.com>

Prev by Date: RE: remove TS from IKEv2 (RE: Addresses in traffic selectors in IKEv 2)
Next by Date: Re: Don't remove TS from IKEv2
Prev by thread: Re: Don't remove TS from IKEv2
Next by thread: Re: Don't remove TS from IKEv2
Index(es):
- Date
- Thread