[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
2401bis Issue # 89 -- Remove the selector "name"
Folks,
Here's a description and proposed approach for:
IPsec Issue #: 89
Title: Remove the selector "name"
Description
===========
In the interest of simplifying things, we propose to remove the
selector "Name". Is anyone using this selector?
Proposed approach
=================
Remove text such as the following:
[From Section 4.4.2 "Selectors"]
"- Name: There are 2 cases (Note that these name forms are
supported in the IPsec DOI.)
1. User ID
a. a fully qualified user name string (DNS),
e.g., mozart@foo.bar.com
b. X.500 distinguished name, e.g., C = US,
SP = MA, O = GTE Internetworking, CN =
Stephen T. Kent.
2. System name (host, security gateway, etc.)
a. a fully qualified DNS name, e.g.,
foo.bar.com
b. X.500 distinguished name
c. X.500 general name
NOTE: One of the possible values of this selector is
"OPAQUE".
[REQUIRED for the following cases. Note that support
for name forms other than addresses is not required for
manually keyed SAs.
o User ID
- native host implementations
- BITW and BITS implementations acting as HOSTS
with only one user
- security gateway implementations for INBOUND
processing.
o System names -- all implementations]"
Thank you,
Karen