
Re: [IPSECKEY] Re: I-D ACTION:draft-richardson-ipsec-rr-01.txt



Hi,

Just to clarify.

In case both the public key and the gateway field exist in an IPSECKEY RR,
how should I interpret it?

If the gateway field is the same as the owner name of the RR,
it should be considered as a security gateway.

For example,
  owner name: "Security Gateway 1"
  public key: "bar"
  gateway   : "Security Gateway 1"

If both the public key and the gateway field exist, and the
gateway name is not the same as the owner name of the RR, should
I consider that there will be nested SAs like the following?

  Host 1 -------- Internet ----------- Security --- Host 2
   | |                                 Gateway1        |
   | |                                     |           |
   | -------Security Association 1----------           |
   |                                                   |
   ----------------Security Association 2---------------

  owner name: "Host 2"
  public key: "foo"
  gateway   : "Security Gateway 1"

  owner name: "Security Gateway 1"
  public key: "bar"
  gateway   : "Security Gateway 1" (or none?)

Regards.

-- 
Tatsuya BABA      babatt@nttdata.co.jp
R&D Headquarters, NTT DATA CORPORATION

-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.