adding port number to ISAKMP Internet DOI ID's
pau@watson.ibm.com Tue, 18 June 1996 20:36 UTC
Date: Tue, 18 Jun 1996 16:22:52 -0400
Message-Id: <9606182022.AA22378@secpwr.watson.ibm.com>
To: ipsec@tis.com
Subject: adding port number to ISAKMP Internet DOI ID's
Cc: hugo@watson.ibm.com
I would like to suggest adding port number and protocol as an option field to ISAKMP Internet DOI ID's. The field could be sent together with an IPv4 or IPv6 address. The address:port:protocol ID can be used as IDui or IDur during proxy negotiation.

I think this feature is useful for per-user or per-connection keying. Say, when a user wishes to secure a particular connection.

Pau-Chen

Disclaimer: This message is NOT intended to re-ignite the debate on per-user keying. Personally, I like to see all communication secured with one secure tunnel whose keys are frequently refreshed. But I have encountered much more than one request for per-user/connection keying (which means some packets can be unprotected). In any case, I think the cost of adding the field is small. So I suggest ISAKMP provide this flexibility. A responder can always refuse such a request.
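
An added illustration, not part of the original message: a parser for an address ID carrying protocol and port, plus a responder-side check that refuses scoped IDs when policy forbids per-connection keying. The message defines no wire format, so this assumes the Identification payload layout later published in RFC 2407 (section 4.6.2); `encode_id`, `parse_id`, `responder_accepts` and the sample values are hypothetical.

```python
import ipaddress
import struct

# ID types from RFC 2407 section 4.6.2.1 (assumed layout, not from the message).
ID_IPV4_ADDR = 1
ID_IPV6_ADDR = 5
_ADDR_LEN = {ID_IPV4_ADDR: 4, ID_IPV6_ADDR: 16}


def encode_id(addr, protocol=0, port=0, next_payload=0):
    """Build an Identification payload; protocol/port 0 means 'any'."""
    ip = ipaddress.ip_address(addr)
    id_type = ID_IPV4_ADDR if ip.version == 4 else ID_IPV6_ADDR
    # Generic header (next payload, reserved, total length), then
    # ID type, protocol ID, port, and the raw address bytes.
    return struct.pack("!BBHBBH", next_payload, 0, 8 + len(ip.packed),
                       id_type, protocol, port) + ip.packed


def parse_id(buf):
    """Parse and validate one payload; returns (address, protocol, port)."""
    if len(buf) < 8:
        raise ValueError("truncated ID payload header")
    _next, _rsvd, length, id_type, protocol, port = struct.unpack(
        "!BBHBBH", buf[:8])
    if id_type not in _ADDR_LEN:
        raise ValueError("unsupported ID type %d" % id_type)
    # The declared length must match the address family and fit the buffer.
    if length != 8 + _ADDR_LEN[id_type] or length > len(buf):
        raise ValueError("payload length does not match ID type")
    return ipaddress.ip_address(buf[8:length]), protocol, port


def responder_accepts(buf, allow_selectors):
    """Hypothetical responder policy: refuse port/protocol-scoped IDs
    unless local policy permits per-connection keying."""
    _addr, protocol, port = parse_id(buf)
    # Assumed policy choice: a port with no protocol is ambiguous, reject it.
    if port != 0 and protocol == 0:
        return False
    scoped = protocol != 0 or port != 0
    return allow_selectors or not scoped


# Constructed sample: host 192.0.2.10, TCP (protocol 6), port 23.
SAMPLE = encode_id("192.0.2.10", protocol=6, port=23)
```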