Re: Specification of tunnel/transport attribute in IKEv2



On Wed, 15 May 2002, Markku Savela wrote:
> > Simply removing these issues from IKE does not make them go away.
> 
> There is no need for such other protocol. Assuming your implementation
> is conformant to RFC-2401, it already does the policy checking,
> whether IKE is present or not.

It does not do consistency checking to ensure that the policies on the two
ends match.  Nor does it have any way of selecting between policy options,
when the other end may not accept all choices.  These are practical issues
of great importance, however trivial they may seem in theory. 

                                                          Henry Spencer
                                                       henry@spsystems.net