From owner-ipsec-policy@mail.vpnc.org  Mon Oct  1 13:28:06 2001
Message-ID: <91A311FF6A85D3118DDF0060080C3D829DE2CF@lat3721.rd.francetelecom.fr>
From: MORAND Pierrick FTRD/DMI/CAE <pierrick.morand@rd.francetelecom.com>
To: "'Li Man.M (NRC/Boston)'" <Man.M.Li@nokia.com>,
        "IPSEC-POLICY (E-mail)" <ipsec-policy@vpnc.org>
Subject: RE: UNIQUENESS clause of ipSecIkeRuleTable
Date: Mon, 1 Oct 2001 15:52:57 +0200 


Hi!

ipSecRuleTable has effectively the same issue. I agree with you that
ipSecRuleIpSecSelectorGroupId needs to be added to the UNIQUENESS, and this
should be enough.

Concerning the question: "can there be more than one IKE associations
between two end points?", I must admit that I have no clear opinion on that
point, sorry! I assume that implementations that would support this feature
would be able to tightly map IPsec and IKE associations, but I don't know if
IKE allows that and, if so, if some implementations support it. Maybe other
IPsec/IKE experts have already thought about it?

Thanks for your reply.
Pierrick.

-----Original Message-----
From: Li Man.M (NRC/Boston) [mailto:Man.M.Li@nokia.com]
Sent: Tuesday, 25 September 2001 23:39
To: 'ext MORAND Pierrick FTRD/DMI/CAE'; IPSEC-POLICY (E-mail)
Subject: RE: UNIQUENESS clause of ipSecIkeRuleTable



Hi Pierrick,

Thanks for pointing this out. Would the addition of
ipSecIkeRuleIkeEndpointGroupId into the UNIQUENESS be good enough? It
boils down to the question of "can there be more than one IKE
associations between two end points?" If the answer is yes, then
ipSecIkeRuleIkeAssiciationId needs to be added too.

I start to think that the ipSecRuleTable has the same issue. The
ipSecruleIpSecSelectorGroupId needs to be added to the UNIQUENESS. What
do you think?

Thanks for your comments
Man 

-----Original Message-----
From: ext MORAND Pierrick FTRD/DMI/CAE
[mailto:pierrick.morand@rd.francetelecom.com]
Sent: September 20, 2001 04:20 AM
To: IPSEC-POLICY (E-mail)
Subject: UNIQUENESS clause of ipSecIkeRuleTable



Hi!

In the ipSecIkeRuleTable the UNIQUENESS clause is currently the
following:
UNIQUENESS {
       ipSecIkeRuleIfName,
       ipSecIkeRuleRoles
       }
Doing so prevents the PDP from installing, for an interface having a
given Role/IfName tuple value, different IKE policies for different peers.

Shouldn't this clause be set to:
UNIQUENESS {
       ipSecIkeRuleIfName,
       ipSecIkeRuleRoles,
       ipSecIkeRuleIkeAssiciationId,   -- ReferenceId
       -- for the editor: to be renamed to ipSecIkeRuleIkeAssociationId
       ipSecIkeRuleIkeEndpointGroupId  -- TagReferenceId
       }
I have excluded the ipSecIkeRuleIpSecRuleTimePeriodGroupId in order to
avoid an IkeRule (same IkeAssociation and group of peers) being the object
of two different sets of TimePeriod policies, leading to the creation of two
different IkeRule instances while the RuleTimePeriodSet could be updated.

Thanks for your comments.

Pierrick Morand
france telecom R&D/DMI/SIR/IPI
Tel   : +33 2 31 75 91 79 -  Fax : +33 2 31 73 56 26
Email :pierrick.morand@rd.francetelecom.com
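
[Added example, not part of the original messages and not code from the PIB draft: a small model of how the three UNIQUENESS clauses discussed in this thread (the current one, the endpoint-group-only variant Man asks about, and Pierrick's proposal) decide which ipSecIkeRuleTable rows a PDP can install. The "prid" key and all row values are constructed for illustration; column names are the ones used in the thread.]

```python
from itertools import combinations

# The three candidate UNIQUENESS clauses from the thread.
CURRENT = ("ipSecIkeRuleIfName", "ipSecIkeRuleRoles")
ENDPOINT_ONLY = CURRENT + ("ipSecIkeRuleIkeEndpointGroupId",)
PROPOSED = CURRENT + ("ipSecIkeRuleIkeAssiciationId",
                      "ipSecIkeRuleIkeEndpointGroupId")

def row(prid, assoc, peers, period):
    # Constructed sample row; every rule targets the same IfName/Roles tuple.
    return {"prid": prid,
            "ipSecIkeRuleIfName": "eth0",
            "ipSecIkeRuleRoles": "edge",
            "ipSecIkeRuleIkeAssiciationId": assoc,
            "ipSecIkeRuleIkeEndpointGroupId": peers,
            "ipSecIkeRuleIpSecRuleTimePeriodGroupId": period}

ROWS = [
    row(1, assoc=10, peers=100, period=7),
    row(2, assoc=11, peers=200, period=7),  # different IKE policy, different peers
    row(3, assoc=10, peers=100, period=8),  # same rule as 1, other time period group
    row(4, assoc=12, peers=100, period=7),  # second IKE association to the same peers
]

def uniqueness_conflicts(rows, clause):
    """Return PRID pairs that agree on every column named in the clause."""
    return [(a["prid"], b["prid"]) for a, b in combinations(rows, 2)
            if all(a[c] == b[c] for c in clause)]

def install(rows, clause):
    """Install rows in order; reject a row whose clause values are already present."""
    seen, installed, rejected = set(), [], []
    for r in rows:
        key = tuple(r[c] for c in clause)
        (rejected if key in seen else installed).append(r["prid"])
        seen.add(key)
    return installed, rejected

if __name__ == "__main__":
    for name, clause in (("current", CURRENT),
                         ("endpoint-only", ENDPOINT_ONLY),
                         ("proposed", PROPOSED)):
        print(name, install(ROWS, clause), uniqueness_conflicts(ROWS, clause))
```

[With the current clause only the first rule installs; the endpoint-only clause admits a second peer group but still rejects a second IKE association to the same peers; the proposed clause admits both and rejects only the row that differs solely in its time period group.]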


From owner-ipsec-policy@mail.vpnc.org  Wed Oct 10 15:10:05 2001
Message-Id: <sbc4390e.079@prv-mail20.provo.novell.com>
Date: Wed, 10 Oct 2001 12:04:15 -0600
From: "Hilarie Orman" <HORMAN@volera.com>
To: <ipsec-policy@vpnc.org>
Cc: <lsanchez@megisto.com>
Subject: Agenda items requested


Please send suggestions for IPSP agenda items for the next IETF to the chairs now.

Hilarie Orman (horman@volera.com) 
Luis Sanchez (lsanchez@megisto.com) 




From owner-ipsec-policy@mail.vpnc.org  Tue Oct 30 11:44:31 2001
Message-ID: <3BDEC8C5.15B0CB6C@megisto.com>
Date: Tue, 30 Oct 2001 10:35:33 -0500
From: "Luis A. Sanchez" <lsanchez@megisto.com>
Organization: Megisto Systems
To: "ipsec-policy@vpnc.org" <ipsec-policy@vpnc.org>
Subject: Agenda Items


Folks,

Hilarie and I are working on the agenda for the next IPSP meeting.
Please send us your requests no later than November 30th.
Thanks,
-Luis

December 5 - Working Group agendas due at 12:00 noon ET



