[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKE negotiation for ICMP message type selectors

To: sommerfeld@east.sun.com
Subject: Re: IKE negotiation for ICMP message type selectors
From: itojun@iijlab.net
Date: Thu, 26 Jun 2003 11:53:13 +0900
Cc: Stephen Kent <kent@bbn.com>, ipsec@lists.tislabs.com
In-reply-to: sommerfeld's message of Wed, 25 Jun 2003 20:59:40 -0400. <200306260059.h5Q0xeq3003180@thunk.east.sun.com>
Sender: owner-ipsec@lists.tislabs.com

>> For example, we've had discussion on the list about using ICMP 
>> message type fields in lieu of port fields, when ICMP was the
>> payload.
>> 
>> What do people think, and why?
>
>Long overdue.  
>
>Particularly important for IKE and IPv6 (as, pending introduction of
>some facility to secure Neighbor Discovery) you likely want ND traffic
>in clear while other ICMPv6 traffic is protected.

	we will need to do this every time new protocol becomes available.
	i guess we should make the concept of "selector" more generic.
	(for KAME implementation i'm thinking of switching to BPF-based policy)

itojun

Follow-Ups:
- Re: IKE negotiation for ICMP message type selectors
  - From: "Scott G. Kelly" <scott@airespace.com>

References:
- Re: IKE negotiation for ICMP message type selectors
  - From: Bill Sommerfeld <sommerfeld@east.sun.com>

Prev by Date: Re: IKE negotiation for ICMP message type selectors
Next by Date: Re: IKE negotiation for ICMP message type selectors
Prev by thread: Re: IKE negotiation for ICMP message type selectors
Next by thread: Re: IKE negotiation for ICMP message type selectors
Index(es):
- Date
- Thread