Re: [Ipsec] Applications over IPsec
At 6:09 PM -0700 4/17/06, Vishwas Manral wrote:
I see issues in drafts using IPsec then:
http://www.ietf.org/internet-drafts/draft-ietf-ospf-ospfv3-auth-08.txt states that transport mode is a MUST and Tunnel mode is
a MAY. This is more related to RFC4301 though.
Regarding the algorithms to be supported for ESP and AH (RFC4305), I
will add a clear recommendation for applications to use.
Yes, I am aware of the OSPFv3 security I-D. The MUST vs.
MAY re tunnel and transport modes does not bother me. These
folks are defining what an OSPF router has to do as a HOST in the
routing environment, not as a GATEWAY. The same would be true if one
employed IPsec to protect BGP sessions.
The bigger problem is that OSPF needs multicast support and we
don't have what they need. The MSEC WG did not provide the
necessary extensions to the SPD and SAD to accommodate multicast uses
à la OSPF. Thus the OSPF folks tried to make do with what was defined,
and the result is not pretty.