[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SOI QUESTION: 6.5 Extensibility of the protocols

To: "Theodore Ts'o" <tytso@mit.edu>, <ipsec@lists.tislabs.com>
Subject: RE: SOI QUESTION: 6.5 Extensibility of the protocols
From: "Stephane Beaulieu" <stephane@cisco.com>
Date: Mon, 22 Jul 2002 10:57:07 -0400
Importance: Normal
In-Reply-To: <E17SzD3-0001rR-00@think.thunk.org>
Sender: owner-ipsec@lists.tislabs.com


> 
> 6.5 Extensibility of the protocols
> 
> 6.5.A) Should SOI have mechanisms for allowing extensions to the SOI
> protocol?

Yes

> 
> 6.5.B) Should SOI need a way to mark new extensions as critical?
> (i.e. If you don't understand a critical extension you must fail the
> entire negotiation)

Yes

> 
> Implications from the Scenarios:
> 
> VPN, End-to-End, : <<<Extensions to the IPsec (now known as phase 2)
> parameters are needed in order to negotiate QoS characteristics for
> the various tunnels.>>> [[[6.5]]]
> 
> IPS: <<<However, the discussion in [ietf-ips-security-xx.txt] calls out
> requirements for an API, in order to provide a means of pushing
> authentication information to the application (e.g. "this peer was
> authenticated with this cert"), so the application can decide what types
> of transactions are allowed by this peer.>>> [[[6.5]]]
> 
> PPVPN/MPLS: <<<it may make sense to expand the set of phase 2
> identifiers to also support an MPLS/VPN identifier (so the entity
> doing the SPD check can be separated from the entity doing the
> encapsulation).>>> [[[6.5]]]
> 
> Implications from the Scenarios:
> 
> [none]

References:
- SOI QUESTION: 6.5 Extensibility of the protocols
  - From: "Theodore Ts'o" <tytso@mit.edu>

Prev by Date: Re: One base SOI ID? Humm
Next by Date: RE: [saag] RE: No need for SHA-2 Packet Authentication - Open Letter to the WG a nd Area Directors
Prev by thread: Re: SOI QUESTION: 6.5 Extensibility of the protocols
Next by thread: Agenda Items Solicitation
Index(es):
- Date
- Thread