Re: [IPsec] GRE key Traffic Selector (Was: First charter draft)

From: Yaron Sheffer <yaronf_at_nospam>
Date: Thu Jun 12 2008 - 15:06:55 GMT
To: Stephen Kent <kent@bbn.com>

Hi Steve,

in a managed-security setting, it seems reasonable to have different security policies, and separate Security Associations, for the different customers' traffic. Even though both may be running the same type of traffic. I understand that this is one of the use cases for the GRE draft.

Thanks,

Yaron

Stephen Kent wrote:

> Julien,
>
> I still have not found time to review the GRE key proposal, but your
> comments were very helpful to me. The fact that thus value does not
> have a globally-defined semantics makes it less appropriate as a
> traffic selector, in my opinion. As you noted, it is no to analogous
> to the use of ports, protocol, and ICMP type/code values in the SPD.
>
> Steve
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
>
> Scanned by Check Point Total Security Gateway.
>
>

IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

This message: [ Message body ]
Next message: Yoav Nir: "Re: [IPsec] GRE key Traffic Selector (Was: First charter draft)"
Previous message: Stephen Kent: "Re: [IPsec] GRE key Traffic Selector (Was: First charter draft)"
In reply to: Stephen Kent: "Re: [IPsec] GRE key Traffic Selector (Was: First charter draft)"
Next in thread: Yoav Nir: "Re: [IPsec] GRE key Traffic Selector (Was: First charter draft)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]