IPSec management via pf_key



Hi, 

I am evaluating the PF_KEY protocol to use with an
IPSec implementation / IKE Daemon and have the
following questions.

- There are no provisions in the SADB_ACQUIRE to pass
phase 1 specific parameters to the IKE Daemon (i.e.
shared secret, cert related data). Have there been any
developments in PF_KEY (or related protocols) to
accommodate this?

- There doesn't appear to be any support for SA
bundles?

- Looking through the archives, it appears that some
vendors have implemented / suggested using proprietary
extensions to PF_KEY. What is the preferred method of
adding extension messages that will not overlap with
other proprietary implementations? This will obviously
break any interoperability!!

- There was some mention in the archives of a
PF_POLICY protocol to interact with the SPD - any
update on this?

Obviously, I can go ahead and define my own
proprietary protocol / extension to cater for my
requirements, but would prefer to use any existing
standard, if available.

Any help on this will be appreciated.

Thanks in advance...

Ken
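
An added example, not part of the message above and not code from any PF_KEY implementation: a Python walk over the extension headers of a constructed SADB_ACQUIRE, using the RFC 2367 numbering, that reports any extension type above SADB_EXT_MAX (16) as non-standard. The little-endian layout, the placeholder extension bodies and the private type 0x8001 are assumptions made for the illustration.

```python
import struct

# Numbering from RFC 2367 (PF_KEY v2). Fields are host byte order; little-endian assumed here.
PF_KEY_V2, SADB_ACQUIRE, SADB_SATYPE_ESP, SADB_EXT_MAX = 2, 6, 3, 16
EXT_NAMES = dict(enumerate(
    ["SA", "LIFETIME_CURRENT", "LIFETIME_HARD", "LIFETIME_SOFT", "ADDRESS_SRC",
     "ADDRESS_DST", "ADDRESS_PROXY", "KEY_AUTH", "KEY_ENCRYPT", "IDENTITY_SRC",
     "IDENTITY_DST", "SENSITIVITY", "PROPOSAL", "SUPPORTED_AUTH",
     "SUPPORTED_ENCRYPT", "SPIRANGE"], start=1))
MSG_HDR = struct.Struct("<BBBBHHII")  # sadb_msg: version,type,errno,satype,len,reserved,seq,pid
EXT_HDR = struct.Struct("<HH")        # sadb_ext: len (in 64-bit words), type


def parse_pfkey(buf):
    """Validate one PF_KEY v2 message; return (msg_type, [(ext_type, name, body)])."""
    if len(buf) < MSG_HDR.size:
        raise ValueError("truncated sadb_msg")
    version, mtype, _err, _satype, mlen, _rsv, _seq, _pid = MSG_HDR.unpack_from(buf)
    if version != PF_KEY_V2 or mlen * 8 != len(buf):
        raise ValueError("bad version or sadb_msg_len")
    exts, off = [], MSG_HDR.size
    while off < len(buf):
        elen, etype = EXT_HDR.unpack_from(buf, off)
        # Zero length would loop forever; an overlong length would read past the message.
        if elen == 0 or etype == 0 or off + elen * 8 > len(buf):
            raise ValueError("bad sadb_ext header at offset %d" % off)
        name = EXT_NAMES[etype] if etype <= SADB_EXT_MAX else "NONSTANDARD"
        exts.append((etype, name, buf[off + EXT_HDR.size: off + elen * 8]))
        off += elen * 8
    return mtype, exts


def build(mtype, exts):
    """Constructed test input: encode (ext_type, body) pairs behind a sadb_msg header."""
    out = b""
    for etype, body in exts:
        body += b"\0" * (-(len(body) + EXT_HDR.size) % 8)  # pad to a 64-bit boundary
        out += EXT_HDR.pack((len(body) + EXT_HDR.size) // 8, etype) + body
    return MSG_HDR.pack(PF_KEY_V2, mtype, 0, SADB_SATYPE_ESP,
                        (MSG_HDR.size + len(out)) // 8, 0, 1, 0) + out


# Constructed sample: placeholder bodies, plus a hypothetical private type 0x8001.
SAMPLE = build(SADB_ACQUIRE, [(5, b"src-placeholder"), (6, b"dst-placeholder"),
                              (13, b"proposal-placeholder"), (0x8001, b"vendor-blob")])

if __name__ == "__main__":
    for etype, name, body in parse_pfkey(SAMPLE)[1]:
        print("ext %#06x %-12s %d bytes" % (etype, name, len(body)))
```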
