Re: SPD policy document/article

[Wes Hardaker <hardaker@tislabs.com>]

>>>>> On Fri, 22 Nov 2002 09:57:09 -0500, Stephen Kent <kent@bbn.com> said:

Stephen> 2401 defines what a compliant IPsec implementation MUST
Stephen> do. the IPsec WG is responsible for defining IPsec device
Stephen> compliance. IPSP cannot define additional requirements for
Stephen> what it means to be IPsec compliant without impinging on the
Stephen> IPsec WG charter.

The IPSP group doesn't mandate that you implement a SPD their way.
You are right that to be compliant you only need to implement the
minimum requirements of 2401.  The IPSP group has many things in their
charter (including policy discovery, etc).  The model (and MIB/PIB
extrapolations of it) are merely "one way" to implement the SPD.  It's
not required that you do so to be a IPsec compliant device.  Now, if
you want to be an IPsec compliant box which is compatible with other
boxes for configuration of the SPD then you might have to conform to
one of those other specs.  IE, IPsec WG = protocol; IPSP WG =
interoperability configuration of the protocol.

At least this is my take on it.  Listen to the ADs instead of me, of
course.  Or better yet, we have these things called charters that
should clear things up as well:

  http://www.ietf.org/html.charters/ipsp-charter.html
  http://www.ietf.org/html.charters/ipsec-charter.html

-- 
Wes Hardaker
Network Associates Laboratories