Hi Steve, Thanks for your feedback.
We will add focus on the ability to provide expression of ranges, and hold off on any DSCP related issues until there is a solid use case. Greg ---------------------------------------- > Date: Mon, 27 Jul 2009 11:20:09 -0400 > To: hosk...@hotmail.com > From: k...@bbn.com > CC: ipsec@ietf.org; kivi...@iki.fi > Subject: Re: [IPsec] New draft about issues in alternative Traffic Selectors > in IPSec/IKEv2 > > At 2:57 PM +1000 7/27/09, Greg Daley wrote: > ... > >>Your reference to 4301 regarding the use of multiple parallel SAs solving >>the example is helpful. I will remove the example for clarity. > > As Tero noted, RFC 4301 provides a discussion of how an > implementation can, on a local basis, deal with mapping traffic of > different priorities to different SAs, without the need to define > additional traffic selectors. That's why it has not been seen as > necessary to create traffic selectors for this purpose. > >>My feeling is that the selectors cannot express the case where specific >>traffic is to be encrypted/authenticated and others are not though. >>For example, if EF and AF31 are to be encrypted but other data is to >>travel clear. >> >>Do you think this is sufficiently covered by the current >>definitions? This seems >>more like your example with regard to protocol numbers. > > The protocol number example refers to the fact that we cannot express > protocol number ranges in IKE, and that caused us to remove support > for this feature from IPsec. IO agree with Tero that, going forward, > we should require support for ranges of values for ALL new TS values > that we define. > > If you are asking whether IPsec supports a policy where the basis for > protecting traffic is exclusively a DSCP, the answer is no. It also > is not clear that the ability to do so is a real requirement. > > Steve > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec _________________________________________________________________ What goes online, stays online Check the daily blob for the latest on what's happening around the web http://windowslive.ninemsn.com.au/blog.aspx _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
