
RE: Don't remove TS from IKEv2




If TS (so is SPD) is not an exact match in peer-to-peer, then traffic may be
silently rejected after IKE is up.  This totally defeats the MAIN purpose of
TS.  Then what good is TS?

Michael

> -----Original Message-----
> From: Bill Sommerfeld [mailto:sommerfeld@east.sun.com]
> Sent: Thursday, March 21, 2002 2:55 PM
> To: Michael Choung Shieh
> Cc: 'Michael Richardson'; ipsec@lists.tislabs.com
> Subject: Re: Don't remove TS from IKEv2 
> 
> 
> > No.  But I believe for peer-to-peer (each side can be either initiator or
> > responder) the proxy-id or TS must be exactly matched.  Am I wrong?
> 
> There's no fundamental reason why this has to be the case, and I
> believe that TS can be defined such that an exact match is not
> necessary.
> 
> 					- Bill
>