[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Specification of tunnel/transport attribute in IKEv2

To: "Prof. Ahmed Bin Abbas Ahmed Ali Adas" <alaadas@kaau.edu.sa>
Subject: Re: Specification of tunnel/transport attribute in IKEv2
From: Henry Spencer <henry@spsystems.net>
Date: Wed, 15 May 2002 10:20:14 -0400 (EDT)
cc: ipsec@lists.tislabs.com
In-Reply-To: <001501c1fbe1$02a0f1c0$4d17fea9@amanda2>
Sender: owner-ipsec@lists.tislabs.com

On Wed, 15 May 2002, Prof. Ahmed Bin Abbas Ahmed Ali Adas wrote:
> In protocol architecture, the policy making should be totally isolated from
> the Key Agreement Protocols or Key Transport Protocols.

This is a reasonable principle, but it does not change what I said:
separating the two issues still leaves two issues to be dealt with.

The policy checking within IKE is important, and removing it from IKE does
not remove the requirement that it be dealt with somehow.  Esthetically
distasteful though it may be, dealing with it within IKE has been quite
successful and has met users' needs well. 

                                                          Henry Spencer
                                                       henry@spsystems.net

References:
- Re: Specification of tunnel/transport attribute in IKEv2
  - From: "Prof. Ahmed Bin Abbas Ahmed Ali Adas" <alaadas@kaau.edu.sa>

Prev by Date: Re: JFK nit
Next by Date: Re: Specification of tunnel/transport attribute in IKEv2
Prev by thread: Re: Specification of tunnel/transport attribute in IKEv2
Next by thread: Ikev2 IKE-SA rekey collision
Index(es):
- Date
- Thread