RE: Move TS to optional (RE: Don't remove TS from IKEv2)

[Michael Choung Shieh <mshieh@netscreen.com>]

> -----Original Message-----
> From: Dan Harkins [mailto:dharkins@tibernian.com]
> Sent: Monday, March 25, 2002 11:00 AM
> To: Rajesh Mohan
> Cc: IP Security List
> Subject: Re: Move TS to optional (RE: Don't remove TS from IKEv2) 
> 
> 
> On Fri, 22 Mar 2002 18:01:10 PST you wrote
> > 
> > We do not need no-TS feature if IKEv2 can solve all cases. 
> Can we configure
> > IKEv2 such that between the same pair of host we have "ESP 
> null for H.323"
> > and "ESP for FTP"? If the draft cannot cover this case, 
> then no-TS feature
> > will be useful where it is needed.
> 
> IKEv2 is not configured to express that, the SPD is. Can you 
> configure the
> SPD to express "ESP for FTP" or "ESP null for H.323"? If you 
> can then that
> representation in the SPD is passed to IKEv2 when a packet 
> matches that rule
> and no SA exists. If you cannot then this is not an IKEv2 issue.
> 
>   Dan.
> 

It IS an IKEv2 issue when SPD is converted to TS and TS is used in IKEv2.
Everyone MUST have a standard way to say what is "FTP" or "H323".  The
representation of SPD and the conversion of SPD to TS must be standardized
to achieve IKE interoperability.

Michael Shieh