[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Protocol and port fields in selectors

To: Joe Touch <touch@ISI.EDU>
Subject: Re: Protocol and port fields in selectors
From: Stephen Kent <kent@bbn.com>
Date: Mon, 7 Oct 2002 18:39:23 -0400
Cc: ipsec@lists.tislabs.com
In-Reply-To: <3D931E46.1010505@isi.edu>
References: <F40FB5FE550A914F9C25AA54AB09E36818910C@esebe015.ntc.nokia.com><3D931E46.1010505@isi.edu>
Sender: owner-ipsec@lists.tislabs.com

At 7:48 AM -0700 9/26/02, Joe Touch wrote:
>sakari.poussa@nokia.com wrote:
>>Hi,
>>
>>I have a question about protocol and src/dst port fields in the SAD 
>>selectors.
>>
>>Is it allowed to have the protocol field as wildcard and still 
>>specify src/dst
>>port as a specific value? Or is it so that transport layer protocol 
>>which actually
>>has ports (like TCP/UDP/SCTP) must be specified along with the ports.
>>
>>I guess it is the latter case according to the rfc2401, page 20 table, but
>>I just wanted to be sure.
>
>Not all transport protocols even have ports (e.g., IP, ICMP, and EGP 
>are all 'transport' protocols, and none have ports). The port field 
>is defined only relative to a particular transport protocol.
>
>To cover multiple protocols under one port (e.g., TCP/NFS and 
>UDP/NFS) seems to require multiple selectors.
>
>Joe

Joe is right in his response re 2401 and IKEv1. In 2401bis and the 
next generation key management protocol, we plan to support lists of 
ranges of selectors, as suggested in the JFK documents, which will 
allow mapping multiple sets of ports to the same SA.

Steve

Prev by Date: draft-ietf-ipsec-ciph-aes-ctr-01.txt
Next by Date: RE: Protocol and port fields in selectors
Prev by thread: Re: Protocol and port fields in selectors
Next by thread: RE: Protocol and port fields in selectors
Index(es):
- Date
- Thread