Re: [Ipsec] Applications over IPsec
Stephen Kent <kent@bbn.com> Tue, 18 April 2006 14:25 UTC
Message-Id: <p06230904c06a9d505fc2@[128.89.89.106]>
In-Reply-To: <77ead0ec0604171809v70c534d0h40451d0e4edf59dd@mail.gmail.com>
References: <77ead0ec0604141450o246e99abp2b0582fcb7d6d0bd@mail.gmail.com> <p0623090ac0694da2f006@128.89.89.106> <77ead0ec0604171809v70c534d0h40451d0e4edf59dd@mail.gmail.com>
Date: Tue, 18 Apr 2006 09:53:21 -0400
To: Vishwas Manral <vishwas.ietf@gmail.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re: [Ipsec] Applications over IPsec
Cc: ipsec@ietf.org

At 6:09 PM -0700 4/17/06, Vishwas Manral wrote:
>Hi Stephen,
>
>I see issues in drafts using IPsec then:
>http://www.ietf.org/internet-drafts/draft-ietf-ospf-ospfv3-auth-08.txt
>states that transport mode is a MUST and Tunnel mode is a MAY. This
>is more related to RFC4301 though.
>
>Regarding the algorithms to be supported for ESP and AH(RFC4305), I
>will add a clear recommendation for applications to use.
>
>Thanks,
>Vishwas

Yes, I am aware of the OSPFv3 security I-D. The MUST vs. MAY re tunnel and transport modes does not bother me. These folks are defining what an OSPF router has to do as a HOST in the routing environment, not as a GATEWAY. The same would be true if one employed IPsec to protect BGP sessions.

The bigger problem is that OSPF needs multicast support and we don't have what they need. The MSEC WG did not provide the necessary extensions to the SPD and SAD to accommodate multicast uses ala OSPF. Thus the OSPF folks tried to make do with what was defined, and the result is not pretty.

Steve