Re: [Ipsec] Applications over IPsec

Lakshminath Dondeti <ldondeti@qualcomm.com> Thu, 20 April 2006 17:16 UTC

Date: Thu, 20 Apr 2006 10:15:31 -0700
To: Stephen Kent <kent@bbn.com>, Vishwas Manral <vishwas.ietf@gmail.com>
Cc: ipsec@ietf.org

At 06:53 AM 4/18/2006, Stephen Kent wrote:
>At 6:09 PM -0700 4/17/06, Vishwas Manral wrote:
>>Hi Stephen,
>>
>>I see issues in drafts using IPsec then:
>>http://www.ietf.org/internet-drafts/draft-ietf-ospf-ospfv3-auth-08.txt
>>states that transport mode is a MUST and Tunnel mode is a MAY. This 
>>is more related to RFC4301 though.
>>
>>Regarding the algorithms to be supported for ESP and AH(RFC4305), I 
>>will add a clear recommendation for applications to use.
>>
>>Thanks,
>>Vishwas
>
>
>yes, I am aware of the OSPFv3 security I-D.  The MUST vs. MAY re 
>tunnel and transport modes does not bother me.  These folks are 
>defining what an OSPF router has to do as a HOST in the routing 
>environment, not as a GATEWAY. The same would be true if one 
>employed IPsec to protect BGP sessions.
>
>The bigger problem is that OSPF needs multicast support and we don't 
>have what they need.  The MSEC WG did not provide the necessary 
>extensions to the SPD and SAD to accommodate multicast uses ala 
>OSPF. Thus the OSPF folks tried to make do with what was defined, 
>and the result is not pretty.

As I read through this thread, I will try and respond to the MSEC 
work on IPsec extensions.  There is in fact work underway on Russ's 
request to provide extensions to IPsec to support multicast.  We've 
never received requirements from the OSPF group.  I recall someone 
(Sandy perhaps) making a statement at some point that there is 
interest from the OSPF WG.  I will ping the OSPF chairs today to see what's up.

thanks and regards,
Lakshminath


>Steve
>_______________________________________________
>Ipsec mailing list
>Ipsec@ietf.org
>https://www1.ietf.org/mailman/listinfo/ipsec

