
Re: SPD policy document/article



At 10:39 PM -0800 11/21/02, Wes Hardaker wrote:
>  >>>>> On Thu, 21 Nov 2002 19:21:05 -0500, Stephen Kent <kent@bbn.com> said:
>
>Stephen> RFC 2401 establishes the standard for the minimum required
>Stephen> data elements for the SPD used in IPsec, and then defines how
>Stephen> a conformant IPsec implementation uses this data. So, I
>Stephen> assume your comments are referring to other protocols, right?
>
>RFC2401 does talk about the SPD but in a very minimal context.  The
>IPSP work is intended to define IPsec Security Policy in greater detail.
>
>--
>Wes Hardaker
>Network Associates Laboratories

Wes,

2401 defines what a compliant IPsec implementation MUST do. The IPsec
WG is responsible for defining IPsec device compliance. IPSP cannot
define additional requirements for what it means to be IPsec
compliant without impinging on the IPsec WG charter. I thought IPSP
was responsible for protocols for policy negotiation, for higher level
policy definition, etc., but not for policy at the level of detail
of the SPD, since that would result in 2 WGs with responsibility
for the same data structure.  Maybe we need AD clarification here.

Steve