Re: [Ipsec] Applications over IPsec
At 2:50 PM -0700 4/14/06, Vishwas Manral wrote:
Hi,
I had pointed out another issue regarding RFC4305. As we have decided
to rehash the RFC I thought we may want to revisit the issue.
The link to an earlier discussion is:
http://www.atm.tut.fi/list-archive/ipsec-2005/msg00755.html
To put the issue more generally, can we have an application which
specifies the use of IPsec but states a different set of MUST and
SHOULD from RFC4305? In a sense contradicting the RFC4305. L2TP for
example makes Transport mode a MUST though IPsec RFCs state that
Tunnel mode is a MUST and Transport mode is a MAY.
Thanks,
Vishwas
The only relevant (IPsec) RFC re specification of when to support
each of these modes is RFC 4301. It describes when each of these modes
MUST be available, depending on the type of device and the way IPsec
is used. We modified the text from 2401 to address valid, additional
use cases as discussed in the WG, e.g., use of transport mode for
overlay nets.
It's generally viewed as OK for a protocol using IPsec to require
more stringent requirements when it profiles a base standard, but it
is not OK to remove requirements. That's the general notion of
"profiling" use of one standard in another. In that sense,
transforming a MAY into a MUST is just fine. Conversely, transforming
a MUST into a MAY is not.
Steve