[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipSecIfCapsTable not many attributes

To: Man.M.Li@xxxxxxxxx, ipsec-policy@xxxxxxxx
Subject: Re: ipSecIfCapsTable not many attributes
From: "Félix J.García Clemente" <fgarcia@xxxxxxxxx>
Date: Fri, 16 Apr 2004 11:01:51 +0200
List-archive: <http://www.vpnc.org/ipsec-policy/mail-archive/>
List-id: <ipsec-policy.vpnc.org>
List-unsubscribe: <mailto:ipsec-policy-request@vpnc.org?body=unsubscribe>
References: <>
Sender: owner-ipsec-policy@xxxxxxxxxxxxx

Hello again,

Man.M.Li@xxxxxxxxx wrote:

> I agree with Avri. The capability table inside IPsec PIB shall report things that are specific to IPsec PIB.

I agree with you. My worry is that currently the capability table inside IPsec PIB is very simple, I think that new attributes may report more information.

> In addition, the framework PIB frwkPrcSupportTable and frwkCompLimitsTable together can be used to indicate what kind of encryptions and algorithms are supported.

For example to indicate that only simmetric encryption is supported, in my opinion it seems more simple to add a new attribute in the capability table than to build several support and limits tables. Even I think this attribute may be more interesting as capability than as limit. Of course I can create my own capability tables extending
the table ipSecIfCapsTable but it will be 'my' solution.

Thanks for your explanation.
Regards,
Félix

> Hence there seems to be no need to add on the ifSecIfCapsTable.
>
> Best regards
> Man Li
>
> > -----Original Message-----
> > From: owner-ipsec-policy@xxxxxxxxxxxxx
> > [mailto:owner-ipsec-policy@xxxxxxxxxxxxx]On Behalf Of ext avri@xxxxxxx
> > Sent: Monday, April 05, 2004 11:40 PM
> > To: "Félix J.García Clemente"
> > Cc: ipsec-policy@xxxxxxxx
> > Subject: Re: ipSecIfCapsTable not many attributes
> >
> >
> >
> >
> > Hi,
> >
> > First let me say how glad I am to hear about another
> > implementation of
> > the PIB.
> >
> > My first issue is that since the ID has been through WG last call and
> > is currently in IESG review and MIB doctor review, I would
> > not like to
> > pull it back to add a major new capability for anything less then a
> > show stopper at this point.
> >
> > Further on the specific issue:
> >
> > While capabilities are important, the Framework PIB has comprehensive
> > capability mechanism, that should cover the requirements.
> >
> > thanks
> >
> > a.
> >
> > On 2 apr 2004, at 01.49, Félix J.García Clemente wrote:
> >
> > >
> > > Hello all,
> > > I am including a complete support for the Framework PIB and
> > the IPSec
> > > PIB in my own COPS-PR implementation.
> > > I have noted that IPSec PIB includes the table ipSecIfCapsTable to
> > > specify capabilities that may be associated with an interface.
> > > This table has not many attributes, are you going to add
> > new attributes
> > > or capability tables?
> > >
> > > I think this is necessary. For example, an interface may not support
> > > 'policy reload', i.e. to apply a policy forces to restart the
> > > interface,
> > > or even an attribute may specify the cryptography system supported
> > > (symmetric or asymmetric, or both).
> > >
> > > Regards,
> > > Félix
> > >
> > >
> > >
> > >
> >
> >
> >

References:
- RE: ipSecIfCapsTable not many attributes
  - From: Man.M.Li

Prev by Date: Re: IPSEC-PIB as mechanism for key distribution
Next by Date: RE: IPSEC-PIB as mechanism for key distribution
Previous by thread: RE: ipSecIfCapsTable not many attributes
Next by thread: RE: MIB/PIB doctor review for draft-ietf-ipsp-ipsecpib-09.txt - general comment/question
Index(es):
- Date
- Thread