Re: [Ipsec] Applications over IPsec

At 6:09 PM -0700 4/17/06, Vishwas Manral wrote:
Hi Stephen,

I see issues in drafts using IPsec then:
http://www.ietf.org/internet-drafts/draft-ietf-ospf-ospfv3-auth-08.txt states that transport mode is a MUST and Tunnel mode is a MAY. This is more related to RFC4301 though.

Regarding the algorithms to be supported for ESP and AH (RFC4305), I will add a clear recommendation for applications to use.


Yes, I am aware of the OSPFv3 security I-D.  The MUST vs. MAY re tunnel and transport modes does not bother me.  These folks are defining what an OSPF router has to do as a HOST in the routing environment, not as a GATEWAY. The same would be true if one employed IPsec to protect BGP sessions.

The bigger problem is that OSPF needs multicast support and we don't have what they need.  The MSEC WG did not provide the necessary extensions to the SPD and SAD to accommodate multicast uses ala OSPF. Thus the OSPF folks tried to make do with what was defined, and the result is not pretty.
