RE: Seemingly duplicated attributes in DMTF IPsec model



Whereas the IETF model only models IPsec policy necessary to configure an
IPsec device, the DMTF model also models the current state of the IPsec
device (i.e., what SAs are established).  The classes you mention,
SecurityAssociation and IKESecurityAssociation, are used to model the state of
the device.  That is why you are seeing a duplication.

Jamie

> -----Original Message-----
> From: Man.M.Li@xxxxxxxxx [mailto:Man.M.Li@xxxxxxxxx]
> Sent: Thursday, January 04, 2001 2:38 PM
> To: rafalow@xxxxxxxxxxxxxxx; ipsec-policy@xxxxxxxx
> Subject: Seemingly duplicated attributes in DMTF IPsec model
> 
> 
> Hi,
> 
> The SANegotiationAction class and the SecurityAssociation class seem to have
> two attributes in common - IdleDurationSeconds and
> RefreshThresholdKilobytes. In addition, the LifeTime attributes in
> SecurityAssociation look very similar to the Lifetime attributes in
> SATransform class.
> 
> Similarly, the IKESecurityAssociation class and IKEProposal class both have
> Cipher, hash algorithms, groupId etc.
> 
> There must be good reasons for these seemingly duplicated attributes. Can
> anyone give a hint?
> 
> Man Li
> Nokia 
> 5 Wayside Road, Burlington, MA 01803
> man.m.li@xxxxxxxxx
> phone 1-781-993-3923
> GSM 1-781-492-2850 
> 
>