[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: ICIM: comment on IPsecPolicyGroup

To: ".ipsec-policy" <ipsec-policy@xxxxxxxx>
Subject: RE: ICIM: comment on IPsecPolicyGroup
From: "Jason, Jamie" <jamie.jason@xxxxxxxxx>
Date: Wed, 10 Jan 2001 09:21:38 -0800
List-archive: <http://www.vpnc.org/ipsec-policy/mail-archive/>
List-id: <ipsec-policy.vpnc.org>
List-unsubscribe: <mailto:ipsec-policy-request@vpnc.org?body=unsubscribe>
Sender: owner-ipsec-policy@xxxxxxxxxxxxx

I believe we talked about this in San Diego and I agree that it would be
prudent that we derive the IKERule class from an intermediate that would be
something like you describe.

A small correction - IPsecPolicyGroup binds together a set of IKERules and a
set of IPsecRules (thus the * cardinality on each).

Jamie

> -----Original Message-----
> From: Ricky Charlet [mailto:rcharlet@xxxxxxxxxxxx]
> Sent: Tuesday, January 09, 2001 4:38 PM
> To: .ipsec-policy
> Subject: ICIM: comment on IPsecPolicyGroup
> 
> 
> Howdy,
> 
> 	IPsecPolciyGroup binds together an IKERule and and 
> IPsecRule. I'd like
> to see a layer of abstraction introduced, namely a KeyManagementRule.
> Then under keyManagementRule, we could use IKE for KM services if we
> wanted, but we could also use kerberose, or son-of-ike or manually
> entered keys, or....
> 
> -- 
>   Ricky Charlet   : Redcreek Communications   : usa (510) 795-6903
>

Prev by Date: ICIM: need a way to filter certs from peers
Next by Date: Re: need a way to filter certs from peers
Previous by thread: Re: ICIM: comment on IPsecPolicyGroup
Next by thread: Re: ICIM: comment on IPsecPolicyGroup
Index(es):
- Date
- Thread