
Re: Move TS to optional (RE: Don't remove TS from IKEv2)



  The SPD is an ordered list of selectors that define a set of IP traffic
to which a particular security policy is applied. RFC2401 is specific
about what a selector is. Can you define "FTP" or "H.323" using an ordered
list of RFC2401-defined selectors? If so please tell me how. If not then
please tell me why you think IKEv2 should be able to express something
that you are not able to configure in the first place?

  Dan.

On Mon, 25 Mar 2002 11:54:18 PST you wrote
> 
> > -----Original Message-----
> > From: Dan Harkins [mailto:dharkins@tibernian.com]
> > Sent: Monday, March 25, 2002 11:00 AM
> > To: Rajesh Mohan
> > Cc: IP Security List
> > Subject: Re: Move TS to optional (RE: Don't remove TS from IKEv2) 
> > 
> > 
> > On Fri, 22 Mar 2002 18:01:10 PST you wrote
> > > 
> > > We do not need no-TS feature if IKEv2 can solve all cases. Can we configure
> > > IKEv2 such that between the same pair of hosts we have "ESP null for H.323"
> > > and "ESP for FTP"? If the draft cannot cover this case, then no-TS feature
> > > will be useful where it is needed.
> > 
> > IKEv2 is not configured to express that, the SPD is. Can you configure the
> > SPD to express "ESP for FTP" or "ESP null for H.323"? If you can then that
> > representation in the SPD is passed to IKEv2 when a packet matches that rule
> > and no SA exists. If you cannot then this is not an IKEv2 issue.
> > 
> >   Dan.
> > 
> 
> It IS an IKEv2 issue when SPD is converted to TS and TS is used in IKEv2.
> Everyone MUST have a standard way to say what is "FTP" or "H323".  The
> representation of SPD and the conversion of SPD to TS must be standardized
> to achieve IKE interoperability.
> 
> Michael Shieh
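As an added illustration, not part of this thread, of the model Dan describes (the SPD as an ordered list of RFC 2401 selectors, first match wins, and the matched entry's selector being what gets handed to IKEv2 as a TS): a small Python model with a constructed two-host SPD. The host addresses, the FTP control port (TCP 21) and the H.323 call-signalling port (TCP 1720) are assumed sample values; note that such static port selectors name only those control ports, nothing a protocol negotiates dynamically.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

ANY_PORT = (0, 65535)  # wildcard port range

@dataclass(frozen=True)
class Selector:
    """RFC 2401-style selector: address prefixes, next-layer protocol, ports."""
    src: str                                # source prefix (CIDR)
    dst: str                                # destination prefix (CIDR)
    proto: Optional[int] = None             # IP protocol number, None = any
    src_port: Tuple[int, int] = ANY_PORT    # inclusive port range
    dst_port: Tuple[int, int] = ANY_PORT

    def matches(self, pkt) -> bool:
        src, dst, proto, sport, dport = pkt
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == proto)
                and self.src_port[0] <= sport <= self.src_port[1]
                and self.dst_port[0] <= dport <= self.dst_port[1])

@dataclass(frozen=True)
class Entry:
    selector: Selector
    action: str   # "ESP", "ESP-null", "bypass" or "discard"

TCP = 6
# Constructed SPD for one host pair: FTP control (TCP/21) gets ESP, the
# H.323 call-signalling port (TCP/1720) gets ESP-null, everything else drops.
SPD = [
    Entry(Selector("10.0.0.1/32", "10.0.0.2/32", TCP, dst_port=(21, 21)), "ESP"),
    Entry(Selector("10.0.0.1/32", "10.0.0.2/32", TCP, dst_port=(1720, 1720)), "ESP-null"),
    Entry(Selector("0.0.0.0/0", "0.0.0.0/0"), "discard"),
]

def lookup(spd, pkt) -> Optional[Entry]:
    """Ordered first-match over the SPD; pkt = (src, dst, proto, sport, dport)."""
    for entry in spd:
        if entry.selector.matches(pkt):
            return entry
    return None

def traffic_selector(entry: Entry) -> dict:
    """The TS passed to IKEv2 is the matched entry's selector ranges, as-is."""
    s = entry.selector
    return {"src": s.src, "dst": s.dst, "proto": s.proto,
            "src_port": s.src_port, "dst_port": s.dst_port, "action": entry.action}
```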