From owner-ipsec-policy@mail.vpnc.org  Tue Aug  5 11:12:41 2003
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA15757
	for <ipsp-archive@lists.ietf.org>; Tue, 5 Aug 2003 11:12:40 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h75EZSqt013471
	for <ipsec-policy-bks@above.proper.com>; Tue, 5 Aug 2003 07:35:28 -0700 (PDT)
	(envelope-from owner-ipsec-policy@mail.vpnc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.9/8.12.9/Submit) id h75EZSSE013470
	for ipsec-policy-bks; Tue, 5 Aug 2003 07:35:28 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ipsec-policy@mail.vpnc.org using -f
Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h75EZPqt013454
	for <ipsec-policy@vpnc.org>; Tue, 5 Aug 2003 07:35:27 -0700 (PDT)
	(envelope-from nreinartz@datus.com)
Received: from port-212-202-234-99.reverse.qsc.de ([212.202.234.99] helo=ntmail1.datus.com)
	by mx02.qsc.de with esmtp (Exim 3.35 #1)
	id 19k2uB-0006YG-00
	for ipsec-policy@vpnc.org; Tue, 05 Aug 2003 16:35:15 +0200
Received: by ntmail1.datus.com with Internet Mail Service (5.5.2653.19)
	id <3KW36WWD>; Tue, 5 Aug 2003 16:34:51 +0200
Message-ID: <9282B275D3CBD511BD61009027F712301A65CF@ntmail1.datus.com>
From: "Reinartz, Norbert" <nreinartz@datus.com>
To: "'ipsec-policy@vpnc.org'" <ipsec-policy@vpnc.org>
Subject: some questions about draft-ietf-ipsp-ipsec-conf-mib-06.txt
Date: Tue, 5 Aug 2003 16:34:49 +0200 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-ipsec-policy@mail.vpnc.org
Precedence: bulk
List-Archive: <http://www.vpnc.org/ipsec-policy/mail-archive/>
List-ID: <ipsec-policy.vpnc.org>
List-Unsubscribe: <mailto:ipsec-policy-request@vpnc.org?body=unsubscribe>


There are a few questions about the 'IPsec Policy Configuration MIB':

How to configure preconfigured SAs?
The transformations of ipsec tunnels are described within 2 SAs, where each
SA describes the transformation of incoming or outgoing traffic.
Using the 'IPsec Policy Configuration MIB', we have to configure two
ipspSaPreconfiguredActionEntries.
In which way should these two entries be joined with the corresponding
filter(s)?

There are two ways, I think:
1. Separate configuration for each direction. Each direction is configured
with a separate ipspIpHeaderFilterEntry, ipspRuleDefinitionEntry and
ipspGroupContentsEntry. One ipHeaderFilter is configured for outgoing
traffic (filter describes unprotected data) and one filter for incoming
traffic (filter describes protected data, i.e. considering AH or ESP
protocol).
2. The tunnel is configured with one rule and one filter. The two
ipspSaPreconfiguredActionEntries are joined with the ipspRuleDefinitionEntry
using an ipspCompoundActionEntry and two ipspSubactionsEntries. The
ipspIpHeaderFilterEntry is used for matching outgoing traffic. The filter
for incoming traffic isn't configured. It is created implicitly by the
application (using the information which protocol transformation is used for
incoming traffic, ..).

Can someone describe how the configuration of preconfigured SAs should be
done?

One more question:
I'm missing something like a parameter for the direction of filters. There
is no way to configure filters for outgoing, incoming or both directions of
traffic. Is there a general meaning of the direction, e.g. both?

What's the state of the 'IPsec Policy Configuration MIB', is work going on? I
couldn't read anything new about the draft for a long time.

Thanks

Norbert Reinartz
DATUS AG



From owner-ipsec-policy@mail.vpnc.org  Tue Aug  5 21:51:58 2003
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA06021
	for <ipsp-archive@lists.ietf.org>; Tue, 5 Aug 2003 21:51:58 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h761Haqt052467
	for <ipsec-policy-bks@above.proper.com>; Tue, 5 Aug 2003 18:17:36 -0700 (PDT)
	(envelope-from owner-ipsec-policy@mail.vpnc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.9/8.12.9/Submit) id h761HaGv052465
	for ipsec-policy-bks; Tue, 5 Aug 2003 18:17:36 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ipsec-policy@mail.vpnc.org using -f
Received: from sm204.163.com ([202.108.44.204])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h761HYqt052455
	for <ipsec-policy@vpnc.org>; Tue, 5 Aug 2003 18:17:35 -0700 (PDT)
	(envelope-from claudchen@163.com)
Received: from localhost (localhost [127.0.0.1])
	by sm204.163.com (Postfix) with SMTP
	id 028381C99F180; Wed,  6 Aug 2003 09:17:35 +0800 (CST)
Received: from chenbin (unknown [211.157.248.56])
	by 192.168.1.204 (Coremail:163.com) with SMTP id 7gEAAC5XMD+/A/g4.1
	for <ipsec-policy@vpnc.org>; Wed, 06 Aug 2003 09:17:35 +0800 (CST)
X-Originating-IP: [211.157.248.56]
Message-ID: <009b01c35bb8$87487a50$c9c809c0@chenbin>
From: "claudchen" <claudchen@163.com>
To: "IPSEC POLICY" <ipsec-policy@vpnc.org>,
        "open ldap" <openldap-software@OpenLDAP.org>
Cc: "IPSEC POLICY" <ipsec-policy@vpnc.org>,
        "open ldap" <openldap-software@OpenLDAP.org>
Subject: Fw: help about ldap_bin_s()
Date: Wed, 6 Aug 2003 09:17:39 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0098_01C35BFB.95565D90"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-ipsec-policy@mail.vpnc.org
Precedence: bulk
List-Archive: <http://www.vpnc.org/ipsec-policy/mail-archive/>
List-ID: <ipsec-policy.vpnc.org>
List-Unsubscribe: <mailto:ipsec-policy-request@vpnc.org?body=unsubscribe>


This is a multi-part message in MIME format.

------=_NextPart_000_0098_01C35BFB.95565D90
Content-Type: text/plain;
	charset="gb2312"
Content-Transfer-Encoding: base64
------=_NextPart_000_0098_01C35BFB.95565D90
Content-Type: text/html;
	charset="gb2312"
Content-Transfer-Encoding: base64


------=_NextPart_000_0098_01C35BFB.95565D90--



From owner-ipsec-policy@mail.vpnc.org  Tue Aug  5 21:52:14 2003
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA06040
	for <ipsp-archive@lists.ietf.org>; Tue, 5 Aug 2003 21:52:13 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h761GRqt052323
	for <ipsec-policy-bks@above.proper.com>; Tue, 5 Aug 2003 18:16:27 -0700 (PDT)
	(envelope-from owner-ipsec-policy@mail.vpnc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.9/8.12.9/Submit) id h761GRo6052321
	for ipsec-policy-bks; Tue, 5 Aug 2003 18:16:27 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ipsec-policy@mail.vpnc.org using -f
Received: from sm204.163.com ([202.108.44.204])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h761GPqt052299
	for <ipsec-policy@vpnc.org>; Tue, 5 Aug 2003 18:16:25 -0700 (PDT)
	(envelope-from claudchen@163.com)
Received: from localhost (localhost [127.0.0.1])
	by sm204.163.com (Postfix) with SMTP
	id A13481C7F2602; Wed,  6 Aug 2003 09:16:18 +0800 (CST)
Received: from chenbin (unknown [211.157.248.56])
	by 192.168.1.204 (Coremail:163.com) with SMTP id FwIAAOFWMD/LA/g4.1
	for <openldap-software@openldap.org>; Wed, 06 Aug 2003 09:16:18 +0800 (CST)
X-Originating-IP: [211.157.248.56]
Message-ID: <008301c35bb8$59c7eb10$c9c809c0@chenbin>
From: "claudchen" <claudchen@163.com>
To: "open ldap" <openldap-software@OpenLDAP.org>,
        "IPSEC POLICY" <ipsec-policy@vpnc.org>
Subject: Fw: help about ldap_bin_s()
Date: Wed, 6 Aug 2003 09:16:22 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0080_01C35BFB.676643A0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-ipsec-policy@mail.vpnc.org
Precedence: bulk
List-Archive: <http://www.vpnc.org/ipsec-policy/mail-archive/>
List-ID: <ipsec-policy.vpnc.org>
List-Unsubscribe: <mailto:ipsec-policy-request@vpnc.org?body=unsubscribe>


This is a multi-part message in MIME format.

------=_NextPart_000_0080_01C35BFB.676643A0
Content-Type: text/plain;
	charset="gb2312"
Content-Transfer-Encoding: base64
------=_NextPart_000_0080_01C35BFB.676643A0
Content-Type: text/html;
	charset="gb2312"
Content-Transfer-Encoding: base64

------=_NextPart_000_0080_01C35BFB.676643A0--



From owner-ipsec-policy@mail.vpnc.org  Tue Aug  5 21:53:53 2003
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA06089
	for <ipsp-archive@lists.ietf.org>; Tue, 5 Aug 2003 21:53:53 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h761Gtqt052378
	for <ipsec-policy-bks@above.proper.com>; Tue, 5 Aug 2003 18:16:55 -0700 (PDT)
	(envelope-from owner-ipsec-policy@mail.vpnc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.9/8.12.9/Submit) id h761GtuN052377
	for ipsec-policy-bks; Tue, 5 Aug 2003 18:16:55 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ipsec-policy@mail.vpnc.org using -f
Received: from sm204.163.com ([202.108.44.204])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h761Grqt052370
	for <ipsec-policy@vpnc.org>; Tue, 5 Aug 2003 18:16:54 -0700 (PDT)
	(envelope-from claudchen@163.com)
Received: from localhost (localhost [127.0.0.1])
	by sm204.163.com (Postfix) with SMTP
	id 187C81C7E3380; Wed,  6 Aug 2003 09:16:54 +0800 (CST)
Received: from chenbin (unknown [211.157.248.56])
	by 192.168.1.204 (Coremail:163.com) with SMTP id VAIAAAZXMD+gA/g4.1
	for <openldap-software@openldap.org>; Wed, 06 Aug 2003 09:16:54 +0800 (CST)
X-Originating-IP: [211.157.248.56]
Message-ID: <008e01c35bb8$6ee7c920$c9c809c0@chenbin>
From: "claudchen" <claudchen@163.com>
To: "open ldap" <openldap-software@OpenLDAP.org>,
        "IPSEC POLICY" <ipsec-policy@vpnc.org>
Subject: Fw: help about ldap_bin_s()
Date: Wed, 6 Aug 2003 09:16:58 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_008B_01C35BFB.7CF73300"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-ipsec-policy@mail.vpnc.org
Precedence: bulk
List-Archive: <http://www.vpnc.org/ipsec-policy/mail-archive/>
List-ID: <ipsec-policy.vpnc.org>
List-Unsubscribe: <mailto:ipsec-policy-request@vpnc.org?body=unsubscribe>


This is a multi-part message in MIME format.

------=_NextPart_000_008B_01C35BFB.7CF73300
Content-Type: text/plain;
	charset="gb2312"
Content-Transfer-Encoding: base64
------=_NextPart_000_008B_01C35BFB.7CF73300
Content-Type: text/html;
	charset="gb2312"
Content-Transfer-Encoding: base64

------=_NextPart_000_008B_01C35BFB.7CF73300--



From owner-ipsec-policy@mail.vpnc.org  Tue Aug 12 13:40:14 2003
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA22365
	for <ipsp-archive@lists.ietf.org>; Tue, 12 Aug 2003 13:40:14 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h7CH9pqt090260
	for <ipsec-policy-bks@above.proper.com>; Tue, 12 Aug 2003 10:09:51 -0700 (PDT)
	(envelope-from owner-ipsec-policy@mail.vpnc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.9/8.12.9/Submit) id h7CH9pci090259
	for ipsec-policy-bks; Tue, 12 Aug 2003 10:09:51 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ipsec-policy@mail.vpnc.org using -f
Received: from thunker.thunk.org (thunk.org [140.239.227.29])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h7CH9nqt090253
	for <ipsec-policy@vpnc.org>; Tue, 12 Aug 2003 10:09:49 -0700 (PDT)
	(envelope-from tytso@thunk.org)
Received: from [66.92.109.27] (helo=think.thunk.org)
	authenticated as tytso by thunker.thunk.org with asmtp 
	(tls_cipher TLSv1:DES-CBC3-SHA:168)  (Exim 3.35 #1 (Debian))
	id 19mcec-0006sn-00; Tue, 12 Aug 2003 13:09:50 -0400
Received: from tytso authenticated as tytso by think.thunk.org with local   (Exim 3.35 #1 (Debian))
	id 19mceF-0000Vd-00; Tue, 12 Aug 2003 13:09:27 -0400
Date: Tue, 12 Aug 2003 13:09:27 -0400
From: "Theodore Ts'o" <tytso@mit.edu>
To: ipsec-policy@vpnc.org
Subject: [tytso@MIT.EDU: The IPSEC MIB documents]
Message-ID: <20030812170927.GD883@think>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="0OAP2g/MAC+5xKAE"
Content-Disposition: inline
User-Agent: Mutt/1.5.4i
Sender: owner-ipsec-policy@mail.vpnc.org
Precedence: bulk
List-Archive: <http://www.vpnc.org/ipsec-policy/mail-archive/>
List-ID: <ipsec-policy.vpnc.org>
List-Unsubscribe: <mailto:ipsec-policy-request@vpnc.org?body=unsubscribe>



--0OAP2g/MAC+5xKAE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

FYI, since the ipsp working group is likely interested in what happens
with the doi-tc-mib document.

						- Ted

-- 

--0OAP2g/MAC+5xKAE
Content-Type: message/rfc822
Content-Disposition: inline

MIME-Version: 1.0

Return-Path: <tytso@MIT.EDU>
Received: from po14.mit.edu [18.7.21.72]
	by localhost with IMAP (fetchmail-5.9.11)
	for tytso@localhost (single-drop); Tue, 12 Aug 2003 12:15:06 -0400 (EDT)
Received: from po14.mit.edu (po14.mit.edu [18.7.21.72])
	by po14.mit.edu (Cyrus v2.1.5) with LMTP; Tue, 12 Aug 2003 11:50:55 -0400
X-Sieve: CMU Sieve 2.2
Received: from fort-point-station.mit.edu by po14.mit.edu (8.12.4/4.7) id h7CFosQ6006014; Tue, 12 Aug 2003 11:50:54 -0400 (EDT)
Received: from thunker.thunk.org (thunk.org [140.239.227.29])
	by fort-point-station.mit.edu (8.12.4/8.9.2) with ESMTP id h7CFoqsP023108
	for <tytso@mit.edu>; Tue, 12 Aug 2003 11:50:52 -0400 (EDT)
Received: from [66.92.109.27] (helo=think.thunk.org)
	authenticated as tytso by thunker.thunk.org with asmtp 
	(tls_cipher TLSv1:DES-CBC3-SHA:168)  (Exim 3.35 #1 (Debian))
	id 19mbPV-0006Mm-00; Tue, 12 Aug 2003 11:50:09 -0400
Received: from tytso by think.thunk.org with local   (Exim 3.35 #1 (Debian))
	id 19mbP8-0000Pw-00; Tue, 12 Aug 2003 11:49:46 -0400
To: ipsec@lists.tislabs.com
cc: hilarie@xmission.com, lsanchez@xapiens.com, bwijnen@lucent.com,
   heard@pobox.com, jshriver+ietf@sockeye.com, rks@cisco.com,
   byfraser@cisco.com, angelos@cs.columbia.edu, kivinen@ssh.fi
Subject: The IPSEC MIB documents
From: "Theodore Ts'o" <tytso@MIT.EDU>
Phone: (781) 391-3464
Message-Id: <E19mbP8-0000Pw-00@think.thunk.org>
Date: Tue, 12 Aug 2003 11:49:46 -0400
X-Spam-Score: 0.8
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.28 (www . roaringpenguin . com / mimedefang)


There seems to be very little interest within the IPSEC working group
towards completing many of the IPSEC MIB documents.  To that end, after
consulting with the relevant wg chairs and I-D authors, Barbara and I
propose the following path forward:

1)  That the following I-D's be dropped as IPSEC wg work items:

        draft-ietf-ipsec-ike-monitor-mib
        draft-ietf-ipsec-isakmp-di-mon-mib
        draft-ietf-ipsec-monitor-mib
        draft-ietf-ipsec-doi-tc-mib

2) Since the IPSP working group has an I-D (draft-ietf-ipsp-ipsec-conf-mib)
    ready for advancement to RFC status which has a dependency on the 
    draft-ietf-ipsec-doi-tc-mib document, that this document be
    reassigned to the IPSP working group for completion to support their
    work.  Alternatively, the wg authors of ipsec-conf-mib may decide
    that it is more suitable to lift the necessary sections out of the
    doi-tc-mib and simply drop it into their document.  That decision
    should be left up to them.

3) That the draft-ietf-ipsec-flow-monitoring-mib and
    draft-ietf-ipsec-flowmon-mib-tc documents should be modified to
    document exactly what is currently being shipped and deployed by
    various vendors, and then published as informational RFC's.  

In the future, there will no doubt be a need to create MIB's for the IKEv2
protocol.  It is our opinion as working group chairs that it will
probably be better to create a new working group to take on this task.
Hopefully this new working group will be able to focus only on this
task, and will be able to attract the necessary people with the
interest, time, and expertise to craft the necessary MIB documents.
This work might use the current IPSEC MIB documents as a base, or they
may decide that it is better to start from a clean slate --- that
decision should be left up to a future working group.

                                        - Ted and Barbara

--0OAP2g/MAC+5xKAE--


From owner-ipsec-policy@mail.vpnc.org  Wed Aug 13 13:36:58 2003
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA26913
	for <ipsp-archive@lists.ietf.org>; Wed, 13 Aug 2003 13:36:58 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h7DGwAqt099044
	for <ipsec-policy-bks@above.proper.com>; Wed, 13 Aug 2003 09:58:10 -0700 (PDT)
	(envelope-from owner-ipsec-policy@mail.vpnc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.9/8.12.9/Submit) id h7DGw9p7099043
	for ipsec-policy-bks; Wed, 13 Aug 2003 09:58:09 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ipsec-policy@mail.vpnc.org using -f
Received: from localhost.localdomain (adsl-63-195-146-66.dsl.scrm01.pacbell.net [63.195.146.66])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h7DGw8qt099038
	for <ipsec-policy@vpnc.org>; Wed, 13 Aug 2003 09:58:08 -0700 (PDT)
	(envelope-from baerm@mikesoffice.com)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by localhost.localdomain (8.12.8/8.12.8) with ESMTP id h7DGwvDW004453;
	Wed, 13 Aug 2003 09:58:58 -0700
Received: (from baerm@localhost)
	by localhost.localdomain (8.12.8/8.12.8/Submit) id h7DGwp3j004451;
	Wed, 13 Aug 2003 09:58:51 -0700
X-Authentication-Warning: localhost.localdomain: baerm set sender to baerm@mikesoffice.com using -f
To: "Reinartz, Norbert" <nreinartz@datus.com>
Cc: "'ipsec-policy@vpnc.org'" <ipsec-policy@vpnc.org>
Subject: Re: some questions about draft-ietf-ipsp-ipsec-conf-mib-06.txt
From: Michael Baer <baerm@mikesoffice.com>
Organization: Sparta
X-Face: "*g#dUT3;8M9AE5dLk\\b4G\cNCQkRb.g/2QwEXQKf.:<GckOP:;wBMTb7\%Y"JI=R<M6g?6}tR)6Z7rp5X*24G\bkb!
Date: Wed, 13 Aug 2003 09:58:50 -0700
In-Reply-To: <9282B275D3CBD511BD61009027F712301A65CF@ntmail1.datus.com> ("Reinartz,
 Norbert"'s message of "Tue, 5 Aug 2003 16:34:49 +0200")
Message-ID: <m3oeytwl2t.fsf@mikesoffice.com>
User-Agent: Gnus/5.090015 (Oort Gnus v0.15) XEmacs/21.4 (Rational FORTRAN,
 powerpc-unknown-linux)
References: <9282B275D3CBD511BD61009027F712301A65CF@ntmail1.datus.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ipsec-policy@mail.vpnc.org
Precedence: bulk
List-Archive: <http://www.vpnc.org/ipsec-policy/mail-archive/>
List-ID: <ipsec-policy.vpnc.org>
List-Unsubscribe: <mailto:ipsec-policy-request@vpnc.org?body=unsubscribe>



Hi,
Sorry for the untimely response, responses inline below.

>>>>> "Norbert" == Norbert Reinartz <Reinartz> writes:

    Norbert> There are a few questions about the 'IPsec Policy
    Norbert> Configuration MIB':

    Norbert> How to configure preconfigured SAs?  The transformations
    Norbert> of ipsec tunnels are described within 2 SAs, where each
    Norbert> SA describes the transformation of incoming or outgoing
    Norbert> traffic.  Using the 'IPsec Policy Configuration MIB', we
    Norbert> have to configure two ipspSaPreconfiguredActionEntries.
    Norbert> In which way should these two entries be joined with the
    Norbert> corresponding filter(s)?

    Norbert> There are two ways, I think:
    Norbert> 1. Separate configuration for each direction. Each
    Norbert>    direction is configured
    Norbert> with a separate ipspIpHeaderFilterEntry,
    Norbert> ipspRuleDefinitionEntry and ipspGroupContentsEntry. One
    Norbert> ipHeaderFilter is configured for outgoing traffic (filter
    Norbert> describes unprotected data) and one filter for incoming
    Norbert> traffic (filter describes protected data,
    Norbert> i.e. considering AH or ESP protocol).

This is the most straightforward way to do it.

    Norbert> 2. The tunnel is configured with one rule and one
    Norbert>    filter. The two
    Norbert> ipspSaPreconfiguredActionEntries are joined with the
    Norbert> ipspRuleDefinitionEntry using an ipspCompoundActionEntry
    Norbert> and two ipspSubactionsEntries. The
    Norbert> ipspIpHeaderFilterEntry is used for matching outgoing
    Norbert> traffic. The filter for incoming traffic isn't
    Norbert> configured. It is created implicitly by the application
    Norbert> (using the information which protocol transformation is
    Norbert> used for incoming traffic, ..).

In practice, an implementation could do this, but it doesn't work
theoretically. By that I mean, following the information model, the
IPsec rules are checked first for incoming packets, before the SADB is
examined. Without an associated filter, the incoming packet would
never match the IPsec rules and be connected to the preconf. SA.

More to the point, an explicit traffic filter should exist for
incoming preconfig. SA's so that any traffic coming through the SA can
be checked to make sure that it is the appropriate traffic for that SA
(beyond matching SPI and AH/ESP info.).

    Norbert> Can someone describe how the configuration of
    Norbert> preconfigured SAs should be done?

    Norbert> One more question: I'm missing something like a parameter
    Norbert> for the direction of filters. There is no way to
    Norbert> configure filters for outgoing, incoming or both
    Norbert> directions of traffic. Is there a general meaning of the
    Norbert> direction, e.g. both?

In fact, there has been some discussion among the draft writers
regarding adding direction information into filters. If it should be
added and exactly how it should be added haven't been decided yet. My
best guess at the moment is that it will be added in the form of an
additional direction filter. Input is welcome.

    Norbert> What's the state of the 'IPsec Policy Configuration MIB',
    Norbert> is work going on? I couldn't read anything new about the
    Norbert> draft for a long time.

As mentioned above, some work is going on. Although at this point,
changes should stay at a minimum.



-- 
Michael Baer
baerm@mikesoffice.com
sparta
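
The two points in the reply above (rules are checked before the SADB, and an inbound preconfigured SA needs an explicit traffic filter), as an added sketch that is not part of the original thread or of the MIB draft. The class and function names, the per-SA traffic_filter field, and all addresses and SPIs are constructed for illustration and are not MIB objects.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ESP = 50  # IP protocol number of ESP


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    spi: Optional[int] = None         # present on AH/ESP packets only
    inner: Optional["Packet"] = None  # tunnelled packet seen after decapsulation


@dataclass(frozen=True)
class HeaderFilter:
    """Hypothetical, reduced IP header filter: source net, destination net, protocol."""
    src_net: str
    dst_net: str
    proto: Optional[int] = None  # None matches any protocol

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
                and self.proto in (None, pkt.proto))


@dataclass(frozen=True)
class PreconfiguredSA:
    spi: int
    proto: int
    # Traffic permitted through this SA once decapsulated (assumption of this model).
    traffic_filter: Optional[HeaderFilter] = None


@dataclass(frozen=True)
class Rule:
    filter: HeaderFilter
    sas: Tuple[PreconfiguredSA, ...]  # one SA, or several joined by a compound action


def check_against_sas(sas, pkt: Packet) -> str:
    """Find the SA by protocol and SPI, then check the decapsulated packet."""
    for sa in sas:
        if pkt.inner is not None and (pkt.proto, pkt.spi) == (sa.proto, sa.spi):
            if sa.traffic_filter is None:
                return "accept (inner traffic unchecked)"
            if sa.traffic_filter.matches(pkt.inner):
                return "accept"
            return "drop: inner traffic outside SA filter"
    return "drop: no SA for SPI"


def inbound_rules_first(rules, pkt: Packet) -> str:
    """Information-model order: rules are evaluated before any SA is consulted."""
    for rule in rules:
        if rule.filter.matches(pkt):
            return check_against_sas(rule.sas, pkt)
    return "drop: no rule matched"


def inbound_spi_shortcut(rules, pkt: Packet) -> str:
    """An implementation that derives the inbound match from SPI and protocol alone."""
    return check_against_sas([sa for rule in rules for sa in rule.sas], pkt)


# Constructed sample: local gateway 192.0.2.1, peer gateway 198.51.100.1,
# local net 10.1.0.0/16, remote net 10.2.0.0/16.
OUT_FILTER = HeaderFilter("10.1.0.0/16", "10.2.0.0/16")
IN_FILTER = HeaderFilter("198.51.100.1/32", "192.0.2.1/32", ESP)
SA_OUT = PreconfiguredSA(spi=0x1001, proto=ESP)

# Option 1: one rule and filter per direction; inbound SA has an explicit traffic filter.
OPTION1 = [
    Rule(OUT_FILTER, (SA_OUT,)),
    Rule(IN_FILTER,
         (PreconfiguredSA(0x2001, ESP, HeaderFilter("10.2.0.0/16", "10.1.0.0/16")),)),
]
# Option 2: a single outbound filter; both SAs hang off it through a compound action.
OPTION2 = [Rule(OUT_FILTER, (SA_OUT, PreconfiguredSA(0x2001, ESP)))]


def esp_from_peer(inner_src: str) -> Packet:
    """ESP packet from the peer gateway carrying a TCP packet from inner_src."""
    return Packet("198.51.100.1", "192.0.2.1", ESP, spi=0x2001,
                  inner=Packet(inner_src, "10.1.0.9", proto=6))


EXPECTED = esp_from_peer("10.2.0.5")      # inner source inside the remote net
UNEXPECTED = esp_from_peer("172.16.0.5")  # right SPI, inner source outside it

if __name__ == "__main__":
    print("option 1, rules first, expected:  ", inbound_rules_first(OPTION1, EXPECTED))
    print("option 1, rules first, unexpected:", inbound_rules_first(OPTION1, UNEXPECTED))
    print("option 2, rules first, expected:  ", inbound_rules_first(OPTION2, EXPECTED))
    print("option 2, SPI shortcut, unexpected:", inbound_spi_shortcut(OPTION2, UNEXPECTED))
```
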


From owner-ipsec-policy@mail.vpnc.org  Mon Aug 18 13:54:50 2003
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA27464
	for <ipsp-archive@lists.ietf.org>; Mon, 18 Aug 2003 13:54:50 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h7IHNvqt018652
	for <ipsec-policy-bks@above.proper.com>; Mon, 18 Aug 2003 10:23:57 -0700 (PDT)
	(envelope-from owner-ipsec-policy@mail.vpnc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.9/8.12.9/Submit) id h7IHNuo1018651
	for ipsec-policy-bks; Mon, 18 Aug 2003 10:23:56 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ipsec-policy@mail.vpnc.org using -f
Received: from noxmail.sandelman.ottawa.on.ca (cyphermail.sandelman.ottawa.on.ca [192.139.46.78] (may be forged))
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h7IHNjqt018629
	for <ipsec-policy@vpnc.org>; Mon, 18 Aug 2003 10:23:54 -0700 (PDT)
	(envelope-from mcr@sandelman.ottawa.on.ca)
Received: from lox.sandelman.ottawa.on.ca (IDENT:root@lox.sandelman.ottawa.on.ca [205.150.200.178])
	by noxmail.sandelman.ottawa.on.ca (8.11.6p2/8.11.6) with ESMTP id h7IHNGh00277
	(using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified NO)
	for <ipsec-policy@vpnc.org>; Mon, 18 Aug 2003 13:23:19 -0400 (EDT)
Received: from sandelman.ottawa.on.ca (desk.marajade.sandelman.ca [205.150.200.247])
	by lox.sandelman.ottawa.on.ca (8.11.6/8.11.6) with ESMTP id h7IGuxY23186
	for <ipsec-policy@vpnc.org>; Mon, 18 Aug 2003 12:57:49 -0400 (EDT)
Received: from marajade.sandelman.ottawa.on.ca (mcr@localhost)
	by sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian -4) with ESMTP id h7IGswmf008069
	for <ipsec-policy@vpnc.org>; Mon, 18 Aug 2003 12:54:58 -0400
To: ipsec-policy@vpnc.org
Subject: socket policy
In-reply-to: Your message of "Mon, 18 Aug 2003 04:16:37 +0900."
             <20030817191637.97C5B8F@coconut.itojun.org> 
Mime-Version: 1.0 (generated by tm-edit 1.8)
Content-Type: text/plain; charset=US-ASCII
Date: Mon, 18 Aug 2003 12:54:58 -0400
Message-ID: <8068.1061225698@marajade.sandelman.ottawa.on.ca>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Sender: owner-ipsec-policy@mail.vpnc.org
Precedence: bulk
List-Archive: <http://www.vpnc.org/ipsec-policy/mail-archive/>
List-ID: <ipsec-policy.vpnc.org>
List-Unsubscribe: <mailto:ipsec-policy-request@vpnc.org?body=unsubscribe>


-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "itojun" == itojun  <itojun@iijlab.net> writes:
    itojun> 	one.  i am particularly interested in socket-based policy,
    itojun> 	tcp handling, listening socket policy handling (do you
    itojun> 	respond to unencrypted SYN with unencrypted RST if the socket
    itojun> 	is set to "require IPsec"?) 

  That's a hard one.
  I think that you should reply with ICMP port unreachable. That's my 
opinion.

]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian/notebook using, kernel hacking, security guy");  [



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys - custom hacks make this fully PGP2 compat

-----END PGP SIGNATURE-----


From owner-ipsec-policy@mail.vpnc.org  Thu Aug 28 16:09:41 2003
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA14508
	for <ipsp-archive@lists.ietf.org>; Thu, 28 Aug 2003 16:09:39 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h7SJWFgc093938
	for <ipsec-policy-bks@above.proper.com>; Thu, 28 Aug 2003 12:32:15 -0700 (PDT)
	(envelope-from owner-ipsec-policy@mail.vpnc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.9/8.12.9/Submit) id h7SJWFhS093937
	for ipsec-policy-bks; Thu, 28 Aug 2003 12:32:15 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ipsec-policy@mail.vpnc.org using -f
Received: from gamma.isi.edu (gamma.isi.edu [128.9.144.145])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h7SJWEgc093932
	for <ipsec-policy@vpnc.org>; Thu, 28 Aug 2003 12:32:14 -0700 (PDT)
	(envelope-from rfc-ed@ISI.EDU)
Received: from ISI.EDU (jet.isi.edu [128.9.160.87])
	by gamma.isi.edu (8.11.6p2/8.11.2) with ESMTP id h7SJWDN10719;
	Thu, 28 Aug 2003 12:32:13 -0700 (PDT)
Message-Id: <200308281932.h7SJWDN10719@gamma.isi.edu>
To: IETF-Announce: ;
Subject: RFC 3586 on IP Security Policy (IPSP) Requirements
Cc: rfc-editor@rfc-editor.org, ipsec-policy@vpnc.org
From: rfc-editor@rfc-editor.org
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary=NextPart
Date: Thu, 28 Aug 2003 12:32:13 -0700
Sender: owner-ipsec-policy@mail.vpnc.org
Precedence: bulk
List-Archive: <http://www.vpnc.org/ipsec-policy/mail-archive/>
List-ID: <ipsec-policy.vpnc.org>
List-Unsubscribe: <mailto:ipsec-policy-request@vpnc.org?body=unsubscribe>



--NextPart


A new Request for Comments is now available in online RFC libraries.


        RFC 3586

        Title:      IP Security Policy (IPSP) Requirements
        Author(s):  M. Blaze, A. Keromytis, M. Richardson, L. Sanchez
        Status:     Standards Track
        Date:       August 2003
        Mailbox:    mab@crypto.com, angelos@cs.columbia.edu,
                    mcr@sandelman.ottawa.on.ca, lsanchez@xapiens.com
        Pages:      10
        Characters: 22068
        Updates/Obsoletes/SeeAlso:    None

        I-D Tag:    draft-ietf-ipsp-requirements-02.txt

        URL:        ftp://ftp.rfc-editor.org/in-notes/rfc3586.txt


This document describes the problem space and solution requirements
for developing an IP Security Policy (IPSP) configuration and
management framework.  The IPSP architecture provides a scalable,
decentralized framework for managing, discovering and negotiating the
host and network security policies that govern access, authorization,
authentication, confidentiality, data integrity, and other IP Security
properties.  This document highlights such architectural components
and presents their functional requirements.

This document is a product of the IP Security Policy Working Group of
the IETF.

This is now a Proposed Standard Protocol.

This document specifies an Internet standards track protocol for
the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the
"Internet Official Protocol Standards" (STD 1) for the
standardization state and status of this protocol.  Distribution
of this memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG.  Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body 
help: ways_to_get_rfcs.  For example:

        To: rfc-info@RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG.  Please consult RFC 2223, Instructions to RFC
Authors, for further information.


Joyce K. Reynolds and Sandy Ginoza
USC/Information Sciences Institute

...

Below is the data which will enable a MIME compliant Mail Reader 
implementation to automatically retrieve the ASCII version
of the RFCs.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type:  Message/External-body;
        access-type="mail-server";
        server="RFC-INFO@RFC-EDITOR.ORG"

Content-Type: text/plain
Content-ID: <030828123041.RFC@RFC-EDITOR.ORG>

RETRIEVE: rfc
DOC-ID: rfc3586

--OtherAccess
Content-Type:   Message/External-body;
        name="rfc3586.txt";
        site="ftp.isi.edu";
        access-type="anon-ftp";
        directory="in-notes"

Content-Type: text/plain
Content-ID: <030828123041.RFC@RFC-EDITOR.ORG>

--OtherAccess--
--NextPart--


From owner-ipsec-policy@mail.vpnc.org  Thu Aug 28 16:13:45 2003
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA14867
	for <ipsp-archive@lists.ietf.org>; Thu, 28 Aug 2003 16:13:45 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h7SJUOgc093881
	for <ipsec-policy-bks@above.proper.com>; Thu, 28 Aug 2003 12:30:24 -0700 (PDT)
	(envelope-from owner-ipsec-policy@mail.vpnc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.9/8.12.9/Submit) id h7SJUOPY093880
	for ipsec-policy-bks; Thu, 28 Aug 2003 12:30:24 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ipsec-policy@mail.vpnc.org using -f
Received: from gamma.isi.edu (gamma.isi.edu [128.9.144.145])
	by above.proper.com (8.12.9/8.12.8) with ESMTP id h7SJUNgc093874
	for <ipsec-policy@vpnc.org>; Thu, 28 Aug 2003 12:30:23 -0700 (PDT)
	(envelope-from rfc-ed@ISI.EDU)
Received: from ISI.EDU (jet.isi.edu [128.9.160.87])
	by gamma.isi.edu (8.11.6p2/8.11.2) with ESMTP id h7SJUKN09814;
	Thu, 28 Aug 2003 12:30:20 -0700 (PDT)
Message-Id: <200308281930.h7SJUKN09814@gamma.isi.edu>
To: IETF-Announce: ;
Subject: RFC 3585 on IPsec Configuration Policy Information Model
Cc: rfc-editor@rfc-editor.org, ipsec-policy@vpnc.org
From: rfc-editor@rfc-editor.org
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary=NextPart
Date: Thu, 28 Aug 2003 12:30:16 -0700
Sender: owner-ipsec-policy@mail.vpnc.org
Precedence: bulk
List-Archive: <http://www.vpnc.org/ipsec-policy/mail-archive/>
List-ID: <ipsec-policy.vpnc.org>
List-Unsubscribe: <mailto:ipsec-policy-request@vpnc.org?body=unsubscribe>



--NextPart


A new Request for Comments is now available in online RFC libraries.


        RFC 3585

        Title:      IPsec Configuration Policy Information Model
        Author(s):  J. Jason, L. Rafalow, E. Vyncke
        Status:     Standards Track
        Date:       August 2003
        Mailbox:    jamie.jason@intel.com, rafalow@watson.ibm.com,
                    evyncke@cisco.com
        Pages:      88
        Characters: 187308
        Updates/Obsoletes/SeeAlso:    None

        I-D Tag:    draft-ietf-ipsp-config-policy-model-07.txt

        URL:        ftp://ftp.rfc-editor.org/in-notes/rfc3585.txt


This document presents an object-oriented information model of IP
Security (IPsec) policy designed to facilitate agreement about the
content and semantics of IPsec policy, and enable derivations of
task-specific representations of IPsec policy such as storage schema,
distribution representations, and policy specification languages used
to configure IPsec-enabled endpoints.  The information model
described in this document models the configuration parameters
defined by IPSec.  The information model also covers the parameters
found by the Internet Key Exchange protocol (IKE).  Other key
exchange protocols could easily be added to the information model by
a simple extension.  Further extensions can further be added easily
due to the object-oriented nature of the model.

This information model is based upon the core policy classes as
defined in the Policy Core Information Model (PCIM) and in the Policy
Core Information Model Extensions (PCIMe).

This document is a product of the IP Security Policy Working Group of
the IETF.

This is now a Proposed Standard Protocol.

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements.  Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol.  Distribution of this memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG.  Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body 
help: ways_to_get_rfcs.  For example:

        To: rfc-info@RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG.  Please consult RFC 2223, Instructions to RFC
Authors, for further information.


Joyce K. Reynolds and Sandy Ginoza
USC/Information Sciences Institute

...

Below is the data which will enable a MIME compliant Mail Reader 
implementation to automatically retrieve the ASCII version
of the RFCs.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type:  Message/External-body;
        access-type="mail-server";
        server="RFC-INFO@RFC-EDITOR.ORG"

Content-Type: text/plain
Content-ID: <030828122733.RFC@RFC-EDITOR.ORG>

RETRIEVE: rfc
DOC-ID: rfc3585

--OtherAccess
Content-Type:   Message/External-body;
        name="rfc3585.txt";
        site="ftp.isi.edu";
        access-type="anon-ftp";
        directory="in-notes"

Content-Type: text/plain
Content-ID: <030828122733.RFC@RFC-EDITOR.ORG>

--OtherAccess--
--NextPart--




