[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New traffic Selectors in RFC2401bis

To: "Stephen Kent" <kent@bbn.com>
Subject: Re: New traffic Selectors in RFC2401bis
From: "Mohan Parthasarathy" <mohanp@sbcglobal.net>
Date: Mon, 17 Nov 2003 10:36:00 -0800
Cc: <ipsec@lists.tislabs.com>
References: <008201c3acb4$872b79d0$6401a8c0@adithya> <p06010202bbde88b82bb7@[128.89.89.75]>
Sender: owner-ipsec@lists.tislabs.com



> At 18:43 -0800 11/16/03, Mohan Parthasarathy wrote:
> >Hello,
> >
> >RFC2401bis defines ICMP type and code as selector. AFAIK, this itself can
be
> >negotiated
> >only using IKEv2 traffic selector and one cannot use IKEv1 ID payload. If
> >this is correct,
> >is it worth clarifying in the document ? I can see that the IKE reference
> >has been removed
> >currently. I assume that both IKE versions will be referenced in the
future
> >revision. In that
> >case it might be worth clarifying the issue i guess. Not sure what else
is
> >IKEv2 specific.
> >
> >thanks
> >mohan
>
> Mohan,
>
> In general, 2401bis is closely aligned with features of IKEv2.  The
> new structure of SPD entries allows one SA to represent several,
> distinct S/D address pairs or port ranges, etc. This too cannot be
> negotiated with IKE v1. In general, 2401bis represents an updating of
> 2401 that also assumes use of IKE v2 vs. v1.
>
Ok. It might be worth clarifying this somewhere in the 2401bis which i
think would be helpful.

thanks
mohan

> Steve

References:
- New traffic Selectors in RFC2401bis
  - From: "Mohan Parthasarathy" <mohanp@sbcglobal.net>
- Re: New traffic Selectors in RFC2401bis
  - From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: PMTU discovery for tunnels: issues 78, 49, 81
Next by Date: [no subject]
Previous by thread: Re: New traffic Selectors in RFC2401bis
Next by thread: [no subject]
Index(es):
- Date
- Thread