
Re: Specification of tunnel/transport attribute in IKEv2




> On Sat, 11 May 2002, Markku Savela wrote:
> > If IKE negotiated only keys, these ordering issues would never have
> > surfaced.
> 
> On the contrary:  they would have surfaced, in whatever other protocol
> was devised to handle the policy checking.
> 
> Simply removing these issues from IKE does not make them go away.

There is no need for any such other protocol. Assuming your implementation
is conformant to RFC-2401, it already does the policy checking,
whether IKE is present or not.

The issue of how the policies are installed on the hosts is a totally
different matter.