[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

2401bis Issue #69 -- Multiple protocols per SPD entry

To: ipsec mailingList <ipsec@lists.tislabs.com>
Subject: 2401bis Issue #69 -- Multiple protocols per SPD entry
From: Karen Seo <kseo@bbn.com>
Date: Fri, 12 Sep 2003 20:27:53 -0400
Cc: byfraser@cisco.com, tytso@mit.edu, "Angelos D. Keromytis" <angelos@cs.columbia.edu>, kivinen@ssh.fi, kseo@bbn.com
Sender: owner-ipsec@lists.tislabs.com

Folks,

Here's a description and proposed approach for:

IPsec Issue #:	69

Title:		Multiple protocols per SPD entry

Description:
============
How does one SPD entry cover multiple protocols associated with one 
port, e.g., TCP/NFS and UDP/NFS?


Proposed approach:
==================
The addition of support for lists of ranges of selectors (Issue #47) 
in an SPD entry allows a single port (e.g., a well-known port) to be 
used with multiple protocols, on the same SA. It also allows multiple 
ports under the same protocol to be mapped to one SA, etc. Note, 
however, that this capability does not permit an SPD entry to specify 
that different ports in a list are to be used with different 
protocols. Thus, for example, if an SPD entry contains a list with 
both TCP and UDP, and the entry contains destination ports A & B, 
then TCP and UDP traffic for either port will be acceptable for the 
resulting SA.


Thank you,
Karen

Prev by Date: 2401bis Issue #70 -- Add diffserv (IPv4) and class (IPv6) asselectors
Next by Date: Last Call: 'A Traffic-Based Method of Detecting Dead IKE Peers' to Informational RFC
Prev by thread: 2401bis Issue #70 -- Add diffserv (IPv4) and class (IPv6) asselectors
Next by thread: Re: 2401bis Issue #69 -- Multiple protocols per SPD entry
Index(es):
- Date
- Thread