SOI QUESTION: 6.5 Extensibility of the protocols




Please discuss and answer the following question (last one!):


6.5 Extensibility of the protocols

6.5.A) Should SOI have mechanisms for allowing extensions to the SOI
protocol?

6.5.B) Should SOI need a way to mark new extensions as critical?
(i.e. If you don't understand a critical extension you must fail the
entire negotiation)

Implications from the Scenarios:

VPN, End-to-End, : <<<Extensions to the IPsec (now known as phase 2)
parameters are needed in order to negotiate QoS characteristics for
the various tunnels.>>> [[[6.5]]]

IPS: <<<However, the discussion in [ietf-ips-security-xx.txt] calls out
requirements for an API, in order to provide a means of pushing
authentication information to the application (e.g. "this peer was
authenticated with this cert"), so the application can decide what types
of transactions are allowed by this peer.>>> [[[6.5]]]

PPVPN/MPLS: <<<it may make sense to expand the set of phase 2
identifiers to also support an MPLS/VPN identifier (so the entity
doing the SPD check can be separated from the entity doing the
encapsulation).>>> [[[6.5]]]

Implications from the Scenarios:

[none]