Re: 2401bis Issue # 89 -- Remove the selector "name"



At 8:57 -0700 10/23/03, Scott G. Kelly wrote:
>The name selector is often used for remote access, and maybe for 
>other applications. I know of several ipsec implementations which 
>use fqdn for remote access policy selection, and without DN, how do 
>we apply access controls based on certs?
>
>Scott

Folks,

I apologize for this confusion. Karen and I spoke about what to do re 
symbolic names in the SPD, before I left for a trip. I was confused 
about which selector types we were discussing, and as a result caused 
Karen to send the issue #89 message.

We do NOT plan to remove the ability to associate a symbolic name 
with an SPD entry. However, 2401 did a poor job of explaining how to 
use this facility and we plan to do a better job in 2401bis.  Karen 
is drafting a revised message about what we plan to say in 2401bis on 
this topic.

Sorry for the confusion. Please comment on the new text when it comes 
out next week.

Steve