Re: [Seamoby] CAR DiscoveryProtocol Requirements...

Vijay Devarapalli <vijayd@iprg.nokia.com> Fri, 11 January 2002 18:49 UTC

Message-ID: <3C3F30FD.E7AE8703@iprg.nokia.com>
Date: Fri, 11 Jan 2002 10:37:49 -0800
From: Vijay Devarapalli <vijayd@iprg.nokia.com>
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.4-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: "Hesham Soliman (ERA)" <hesham.soliman@era.ericsson.se>
CC: seamoby@ietf.org
Subject: Re: [Seamoby] CAR DiscoveryProtocol Requirements...
References: <4DA6EA82906FD511BE2F00508BCF053801C4C1E1@Esealnt861.al.sw.ericsson.se>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: seamoby-admin@ietf.org
Errors-To: seamoby-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Context Transfer, Handoff Candidate Discovery, and Dormant Mode Host Alerting <seamoby.ietf.org>
X-BeenThere: seamoby@ietf.org

"Hesham Soliman (ERA)" wrote:
> 
> [reply for a very old mail]
> 
>   > can you make IKE create an SA between two nodes (one having
>   > a public address and another having a private address)?
> 
> => Yes you can. There are IKE extensions for this.

Which RFC?

---------------

from Aboba's draft draft-ietf-ipsec-nat-reqts-00.txt

c) Incompatibility between IKE address identifiers and NAT.
   Where IP addresses are used as identifiers in IKE MM [7]
   or QM, modification of the IP source or destination
   addresses by NATs or reverse NATs will result in a
   mismatch between the identifiers and the addresses in the
   IP header. As described in [7], IKE implementations are
   required to discard such packets.

   In order to avoid use of IP addresses as IKE MM and QM identifiers,
   userIDs and FQDNs can be used instead. Where user authentication
   is desired, an ID type of ID_USER_FQDN can be used, as described in
   [5]. Where machine authentication is desired, an ID type of ID_FQDN
   can be used. In either case it is necessary to verify that the
   proposed identity matches that enclosed in the certificate.
   However, while use of USER_FQDN or FQDN identity types is possible
   within IKE, there are usage scenarios (e.g. SPD entries
   describing subnets) that cannot be accommodated this way.

------------------

However, there are a couple of Internet-Drafts in the IPsec WG
dealing with this. Hopefully they will have a solution soon.

If I am missing something, let me know.

Vijay


> I'm obviously not interested in anything involving
> private addresses, but your point is incorrect.
> 
> Hesham
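The identifier check that the quoted draft text describes, as an added example that is not part of this thread or of the draft: a small Python model of a responder deciding whether an IKE peer's identity is acceptable, using a hypothetical `check_ike_identity` function, a constructed `Peer` record and constructed addresses and names. It shows why an ID_IPV4_ADDR identifier fails once a NAT has rewritten the source address, while an ID_FQDN identifier that matches the peer's certificate still passes.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Tuple

# ISAKMP identification types (RFC 2407 numbering); only these are modelled.
ID_IPV4_ADDR = 1
ID_FQDN = 2
ID_USER_FQDN = 3

@dataclass(frozen=True)
class Peer:
    """Constructed view of a peer's IKE ID payload and the identities
    found in the certificate it presented (hypothetical record)."""
    id_type: int
    id_value: str
    cert_identities: Tuple[str, ...]

def check_ike_identity(peer: Peer, packet_src: str) -> Tuple[bool, str]:
    """Return (accepted, reason) for one IKE identity check.

    packet_src is the source address seen in the IP header on arrival,
    i.e. the address after any NAT on the path has rewritten it.
    """
    # Address identifiers must equal the IP header address; RFC 2409
    # requires the packet to be discarded otherwise. A NAT breaks this.
    if peer.id_type == ID_IPV4_ADDR:
        if ip_address(peer.id_value) != ip_address(packet_src):
            return False, "ID payload address differs from IP header (NAT?)"
    elif peer.id_type not in (ID_FQDN, ID_USER_FQDN):
        return False, "unsupported ID type in this model"
    # For every type the proposed identity must match the certificate,
    # otherwise a peer could claim any name or address it likes.
    if peer.id_value not in peer.cert_identities:
        return False, "proposed identity not present in peer certificate"
    return True, "identity matches IP header and certificate"

def demo() -> Tuple[bool, bool, bool]:
    """Constructed scenario: peer 10.0.0.5 sits behind a NAT and
    reaches us as 203.0.113.7."""
    natted_src = "203.0.113.7"
    by_addr = Peer(ID_IPV4_ADDR, "10.0.0.5", ("10.0.0.5",))
    by_fqdn = Peer(ID_FQDN, "host.example.com", ("host.example.com",))
    bad_fqdn = Peer(ID_FQDN, "other.example.com", ("host.example.com",))
    return (check_ike_identity(by_addr, natted_src)[0],   # False
            check_ike_identity(by_fqdn, natted_src)[0],   # True
            check_ike_identity(bad_fqdn, natted_src)[0])  # False

if __name__ == "__main__":
    print(demo())
```

The draft's caveat still stands: SPD entries that describe subnets have no FQDN equivalent, so this switch of identifier type does not cover every configuration.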

_______________________________________________
Seamoby mailing list
Seamoby@ietf.org
https://www1.ietf.org/mailman/listinfo/seamoby