Re: phase 2 and ports
Skip Booth <ebooth@cisco.com> Mon, 26 June 2000 21:54 UTC
Date: Mon, 26 Jun 2000 15:33:57 -0400
From: Skip Booth <ebooth@cisco.com>
To: Jari Arkko <Jari.Arkko@lmf.ericsson.se>
cc: Jan Vilhuber <vilhuber@cisco.com>, ipsec@lists.tislabs.com
Subject: Re: phase 2 and ports
In-Reply-To: <3956FCCC.2A96334F@lmf.ericsson.se>
Message-ID: <Pine.GSO.4.10.10006261528380.22790-100000@uzura.cisco.com>

On Mon, 26 Jun 2000, Jari Arkko wrote:

> Jan Vilhuber wrote:
>
> > Here's the problem: Some protocols float ports (example l2tp, ftp, h.323, to
> > name a few). Other protocols a priori use more than one port (can't think of
>
> This is a real problem.
>
> Maybe we could come up with an API or a protocol to enable applications
> to control security services in the manner you propose.

Does anyone remember the draft titled:

    draft-mcdonald-simple-ipsec-api-01.txt

It has long since expired and I don't recall giving it more than a casual
glance at the time, but I am wondering whether there was anything useful in
this draft to use as a starting point for such an API. If someone still has
a copy of this sitting around, please send it to me.

-Skip

> > >a) port-ranges would be useful for applications that know a priori what
>
> I remember in the last IETF Steven Bellovin gave a talk about a similar
> problem for SCTP (one of the signaling protocols). There the problem was
> with several IP addresses. If somebody's going to extend ID payloads,
> such extensions should cover both issues.
>
> > ports they are going to use. On a side note, it's always kind of bothered
> > me that we need 2 ID payloads. I assume this is so we can reuse the ID
>
> Isn't this because, say, L2TP client has a wildcard port number and
> the server a fixed one?
>
> Jari