Re: 2401bis Issue # 89 -- Remove the selector "name"
At 8:57 -0700 10/23/03, Scott G. Kelly wrote:
>The name selector is often used for remote access, and maybe for
>other applications. I know of several ipsec implementations which
>use fqdn for remote access policy selection, and without DN, how do
>we apply access controls based on certs?
>
>Scott

Folks,

I apologize for this confusion. Karen and I spoke about what to do re
symbolic names in the SPD, before I left for a trip. I was confused
about which selector types we were discussing, and as a result caused
Karen to send the issue #89 message.

We do NOT plan to remove the ability to associate a symbolic name
with an SPD entry. However, 2401 did a poor job of explaining how to
use this facility and we plan to do a better job in 2401bis. Karen
is drafting a revised message about what we plan to say in 2401bis on
this topic.

Sorry for the confusion. Please comment on the new text when it comes
out next week.

Steve