[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ipsec] Proposed changes to IKEv2 based on IESG comments
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Charlie" == Charlie Kaufman <charliek@microsoft.com> writes:
Charlie> ********MOST LIKELY TO BE CONTROVERSIAL********
>> 2.19: Use IP addresses from the sample range (RFC 3330) instead
>> of RFC 1918 addresses.
Charlie> RFC3330 reserves addresses of the form 192.0.2.0/24 for
Charlie> examples in documentation. Unfortunately, negotiation of
Charlie> traffic selectors requires specification of two
Charlie> subnets. They are currently taken from 10.*, which is
Charlie> reserved for local use. While in theory, on might divide
Charlie> 192.0.2.0 into multiple subnets, this is likely in practice
Charlie> to be confusing.
I suggest that you use 192.0.2.0 and 192.0.3.0.
Internet Assigned Numbers Authority RESERVED-192 (NET-192-0-0-0-1)
192.0.0.0 - 192.0.127.255
I'm told that new numbers will be assigned for examples.
I would stay away from 10.* because in my experience, people think
that it has something to with NAT, and get confused.
- --
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQP0qfIqHRg3pndX9AQFSGAQAlHgrzxx6tr3Y8Fz1TNQacLkhb/SZ+Bza
go5IKcRPdzfCHsGkWVEiRv7qTOfPfhjNaweLBvz06vbYDuFc6GnK3/UpSRpdGnY8
IZt+tla2wC9JZdKDhkmqT6BFBmuNFzTacHLG68WoaJk50moiQg/0DZGOlKCK0Rw+
nNyT1XAY0EY=
=COAM
-----END PGP SIGNATURE-----
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec