
Re: QoS selectors (was LAST CALL: IKE)





>>>>> "Radia" == Radia Perlman <- Boston Center for Networking <Radia.Perlman@sun.com>> writes:
    Radia> Hmm. Actually, I think there is no reason to negotiate which
    Radia> TOS values go on which SA. The reason for different SAs for
    Radia> different TOS values is so that the sequence numbers don't get
    Radia> too far off (assuming that different TOS's go at different speeds).

    Radia> So it seems like the sender, which knows it wants to send n
    Radia> different TOSs for which speeds will vary, can open n SAs, and
    Radia> choose which of the TOSs to send on which of them.

  Sounds good in theory.
  It is not clear to me that everyone agrees that they can negotiate multiple
SAs with IKEvX that do not apparently differ in terms of negotiated
selectors.

  Further, the *responding* system doesn't know what the initiator wanted,
so even if the initiator knows how to demux, it needs a way to tell the
responder. 

    Radia> A few of us had worked out language in the hallway at the last IETF,
    Radia> explicitly saying things like that only the creator of an SA could
    Radia> delete a redundant SA, but I think it was declared too late to make
    Radia> design decisions like that that might have other implications.

  That sounds okay, but still isn't perfect.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
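The sequence-number concern quoted above, as an added example that is not part of the original thread: a receiver-side anti-replay window, fed traffic from two TOS classes that travel at different speeds, first over one shared SA and then over one SA per TOS. The window size of 32, the class names "fast" and "slow", and the delay figures are constructed assumptions.

```python
from collections import defaultdict

class ReplayWindow:
    """Receiver-side anti-replay sliding window, kept as a bitmap."""
    def __init__(self, size=32):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) was seen

    def accept(self, seq):
        if seq > self.top:                      # advances the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:                 # too old: left of the window
            return False
        if (self.bitmap >> offset) & 1:         # already seen: replay
            return False
        self.bitmap |= 1 << offset
        return True

def simulate(per_tos_sa, packets=200, delay=100, window=32):
    """Alternate fast/slow TOS packets; the network delivers each slow
    packet `delay` send-slots late. Returns how many genuine packets the
    receiver's anti-replay check drops."""
    next_seq = defaultdict(int)                 # sender: one counter per SA
    windows = defaultdict(lambda: ReplayWindow(window))
    arrivals = []
    for slot in range(packets):
        tos = "slow" if slot % 2 else "fast"
        sa = tos if per_tos_sa else "shared"    # SA choice is made by the sender
        next_seq[sa] += 1
        arrive = slot + (delay if tos == "slow" else 0)
        arrivals.append((arrive, slot, sa, next_seq[sa]))
    dropped = 0
    for _, _, sa, seq in sorted(arrivals):      # receiver sees arrival order
        if not windows[sa].accept(seq):
            dropped += 1
    return dropped

if __name__ == "__main__":
    print("shared SA, slow class 100 slots late:", simulate(False), "dropped")
    print("one SA per TOS, same traffic:        ", simulate(True), "dropped")
    print("shared SA, slow class 10 slots late: ", simulate(False, delay=10), "dropped")
```

The receiver picks the window by the SA each packet arrived on, so inbound traffic needs no knowledge of the TOS mapping; the simulation does not address how the responder would choose SAs for its own outbound traffic.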