[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SOI QUESTION: 5.3 SPD entries

To: ipsec@lists.tislabs.com
Subject: SOI QUESTION: 5.3 SPD entries
From: "Theodore Ts'o" <tytso@mit.edu>
Date: Thu, 11 Jul 2002 16:31:37 -0400
Phone: (781) 391-3464
Sender: owner-ipsec@lists.tislabs.com


Please discuss and answer the following question:


5.3 SPD entries

5.3.A) Is it important in SOI to allow the the responder to accept a subset 
of the proposed SA, or should it be an all or nothing acceptance?

5.3.B) Should the SOI offer multiple selectors with specific ports and
addresses, or a single selector with a range of ports and range of
addresses?  (complicated boolean complexity!)  

Implications from the scenarios:

<<<In the case of a pair of SGWs fronting multiple non-contiguous
subnets, a mechanism that allowed the negotiation of a list of phase 2
identities will help to alleviate the number of IPsec tunnels that must
be created.>>> [[[5.3]]]

Follow-Ups:
- Re: SOI QUESTION: 5.3 SPD entries
  - From: Markku Savela <msa@burp.tkv.asdf.org>
- Re: SOI QUESTION: 5.3 SPD entries
  - From: Stephen Kent <kent@bbn.com>
- Re: SOI QUESTION: 5.3 SPD entries
  - From: Jean-Jacques Puig <jean-jacques.puig@int-evry.fr>
- Re: SOI QUESTION: 5.3 SPD entries
  - From: Ari Huttunen <Ari.Huttunen@f-secure.com>
- Re: SOI QUESTION: 5.3 SPD entries
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
- Re: SOI QUESTION: 5.3 SPD entries
  - From: Jan Vilhuber <vilhuber@cisco.com>

Prev by Date: ipsec vs l2tp
Next by Date: SOI QUESTION: 6. Wire protocol issues: Message Encoding
Prev by thread: Re: ipsec vs l2tp
Next by thread: Re: SOI QUESTION: 5.3 SPD entries
Index(es):
- Date
- Thread