12 Mar 2012 22:22
rfc5201-bis issue 30: Handle interactions with complex SPDs
Henderson, Thomas R <thomas.r.henderson <at> boeing.com>
2012-03-12 21:22:32 GMT
2012-03-12 21:22:32 GMT
http://trac.tools.ietf.org/wg/hip/trac/ticket/30 This ticket states: "Interactions with complex SPDs may result in weird effects. Need some suggested text to clear this issue." I believe this tracker item is drawn from Robert Moskowitz's IETF 80 presentation. Note that for RFC 5202, there was an IESG Note about this issue: In case of complex Security Policy Databases (SPDs) and the co- existence of HIP and security-related protocols such as IKE, implementors may encounter conditions that are unspecified in these documents. For example, when the SPD defines an IP address subnet to be protected and a HIP host is residing in that IP address area, there is a possibility that the communication is encrypted multiple times. Readers are advised to pay special attention when running HIP with complex SPD settings. Future specifications should clearly define when multiple encryption is intended, and when it should be avoided. Petri noted on the list back in January that RFC5202-bis has addressed this issue. Therefore, I propose to close this issue for RFC5201-bis in a week if there are no other comments. - Tom
RSS Feed