[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ipsec] Proposed changes to IKEv2 based on IESG comments

To: "Charlie Kaufman" <charliek@microsoft.com>
Subject: Re: [Ipsec] Proposed changes to IKEv2 based on IESG comments
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Tue, 20 Jul 2004 10:21:49 -0400
Cc: ipsec@ietf.org
In-reply-to: Message from "Charlie Kaufman" <charliek@microsoft.com> of "Sun,18 Jul 2004 16:13:33 PDT."<F5F4EC6358916448A81370AF56F211A503504414@RED-MSG-51.redmond.corp.microsoft.com>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: IP Security <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=unsubscribe>
References: <F5F4EC6358916448A81370AF56F211A503504414@RED-MSG-51.redmond.corp.microsoft.com>
Sender: ipsec-bounces@ietf.org

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Charlie" == Charlie Kaufman <charliek@microsoft.com> writes:
    Charlie> ********MOST LIKELY TO BE CONTROVERSIAL********
    >> 2.19: Use IP addresses from the sample range (RFC 3330) instead
    >> of RFC 1918 addresses.

    Charlie> RFC3330 reserves addresses of the form 192.0.2.0/24 for
    Charlie> examples in documentation. Unfortunately, negotiation of
    Charlie> traffic selectors requires specification of two
    Charlie> subnets. They are currently taken from 10.*, which is
    Charlie> reserved for local use. While in theory, on might divide
    Charlie> 192.0.2.0 into multiple subnets, this is likely in practice
    Charlie> to be confusing.

  I suggest that you use 192.0.2.0 and 192.0.3.0.

Internet Assigned Numbers Authority RESERVED-192 (NET-192-0-0-0-1) 
                                  192.0.0.0 - 192.0.127.255

  I'm told that new numbers will be assigned for examples.
  I would stay away from 10.* because in my experience, people think
that it has something to with NAT, and get confused.

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQP0qfIqHRg3pndX9AQFSGAQAlHgrzxx6tr3Y8Fz1TNQacLkhb/SZ+Bza
go5IKcRPdzfCHsGkWVEiRv7qTOfPfhjNaweLBvz06vbYDuFc6GnK3/UpSRpdGnY8
IZt+tla2wC9JZdKDhkmqT6BFBmuNFzTacHLG68WoaJk50moiQg/0DZGOlKCK0Rw+
nNyT1XAY0EY=
=COAM
-----END PGP SIGNATURE-----

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec

Follow-Ups:
- Re: [Ipsec] Proposed changes to IKEv2 based on IESG comments
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

References:
- [Ipsec] Proposed changes to IKEv2 based on IESG comments
  - From: "Charlie Kaufman" <charliek@microsoft.com>

Prev by Date: RE: [Ipsec] Proposed changes to IKEv2 based on IESG comments
Next by Date: Re: [Ipsec] Proposed changes to IKEv2 based on IESG comments
Previous by thread: RE: [Ipsec] Proposed changes to IKEv2 based on IESG comments
Next by thread: Re: [Ipsec] Proposed changes to IKEv2 based on IESG comments
Index(es):
- Date
- Thread