From owner-ipsec-policy@mail.vpnc.org Mon Nov 12 08:01:30 2001 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA27196 for ; Mon, 12 Nov 2001 08:01:29 -0500 (EST) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id fACC1en23431 for ipsec-policy-bks; Mon, 12 Nov 2001 04:01:40 -0800 (PST) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fACC1c823427 for ; Mon, 12 Nov 2001 04:01:39 -0800 (PST) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA25011; Mon, 12 Nov 2001 07:01:37 -0500 (EST) Message-Id: <200111121201.HAA25011@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ipsec-policy@vpnc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-ipsp-config-policy-model-04.txt Date: Mon, 12 Nov 2001 07:01:37 -0500 Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Policy Working Group of the IETF. Title : IPsec Configuration Policy Model Author(s) : J. Jason, L. Rafalow, E. Vyncke Filename : draft-ietf-ipsp-config-policy-model-04.txt Pages : 82 Date : 09-Nov-01 This document presents an object-oriented model of IPsec policy designed to: o facilitate agreement about the content and semantics of IPsec policy o enable derivations of task-specific representations of IPsec policy such as storage schema, distribution representations, and policy specification languages used to configure IPsec- enabled endpoints The schema described in this document models the IKE phase one parameters as described in [IKE] and the IKE phase two parameters for the IPsec Domain of Interpretation as described in [COMP, ESP, AH, DOI]. It is based upon the core policy classes as defined in the Policy Core Information Model (PCIM) [PCIM]. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ipsp-config-policy-model-04.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-ipsp-config-policy-model-04.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-ipsp-config-policy-model-04.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20011109132231.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-ipsp-config-policy-model-04.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-ipsp-config-policy-model-04.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20011109132231.I-D@ietf.org> --OtherAccess-- --NextPart-- From owner-ipsec-policy@mail.vpnc.org Mon Nov 12 08:02:25 2001 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA27235 for ; Mon, 12 Nov 2001 08:02:24 -0500 (EST) Received: by above.proper.com (8.11.6/8.11.3) id fACC4dc23506 for ipsec-policy-bks; Mon, 12 Nov 2001 04:04:39 -0800 (PST) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fACC4c823502 for ; Mon, 12 Nov 2001 04:04:38 -0800 (PST) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA25368; Mon, 12 Nov 2001 07:04:37 -0500 (EST) Message-Id: <200111121204.HAA25368@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ipsec-policy@vpnc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-ipsp-config-policy-model-04.txt Date: Mon, 12 Nov 2001 07:04:36 -0500 Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Policy Working Group of the IETF. Title : IPsec Configuration Policy Model Author(s) : J. Jason, L. Rafalow, E. Vyncke Filename : draft-ietf-ipsp-config-policy-model-04.txt Pages : 82 Date : 09-Nov-01 This document presents an object-oriented model of IPsec policy designed to: o facilitate agreement about the content and semantics of IPsec policy o enable derivations of task-specific representations of IPsec policy such as storage schema, distribution representations, and policy specification languages used to configure IPsec- enabled endpoints The schema described in this document models the IKE phase one parameters as described in [IKE] and the IKE phase two parameters for the IPsec Domain of Interpretation as described in [COMP, ESP, AH, DOI]. It is based upon the core policy classes as defined in the Policy Core Information Model (PCIM) [PCIM]. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ipsp-config-policy-model-04.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-ipsp-config-policy-model-04.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-ipsp-config-policy-model-04.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20011109152722.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-ipsp-config-policy-model-04.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-ipsp-config-policy-model-04.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20011109152722.I-D@ietf.org> --OtherAccess-- --NextPart-- From owner-ipsec-policy@mail.vpnc.org Mon Nov 12 20:01:33 2001 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA25777 for ; Mon, 12 Nov 2001 20:01:32 -0500 (EST) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id fAD0BnM11002 for ipsec-policy-bks; Mon, 12 Nov 2001 16:11:49 -0800 (PST) Received: from megisto-sql1.megisto.com ([63.113.114.132]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fAD0Bk810995 for ; Mon, 12 Nov 2001 16:11:47 -0800 (PST) Received: from megisto.com (ppp-196-42-28-70.coqui.net [196.42.28.70]) by megisto-sql1.megisto.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id 4XBK0CXP; Mon, 12 Nov 2001 19:08:14 -0500 Message-ID: <3BF06518.AA971943@megisto.com> Date: Mon, 12 Nov 2001 19:11:04 -0500 From: "Luis A. Sanchez" Organization: Megisto Systems X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: "ipsec-policy@vpnc.org" Subject: [Fwd: I-D ACTION:draft-ietf-ipsp-config-policy-model-04.txt] Content-Type: multipart/mixed; boundary="------------A2E5ADD2B03942CE7292D7E2" Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: This is a multi-part message in MIME format. --------------A2E5ADD2B03942CE7292D7E2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Folks, With the publication of this version (v4) of the IPsec Configuration Policy Model we begin a WG last call. This period should last two weeks (until November 26th). Please send suggestions, comments, concerns, questions and flames regarding this document to the mailing list. The goal is to get the document ready for PS publication. Please read it!!! Thanks! Hilarie/Luis -------- Original Message -------- Subject: I-D ACTION:draft-ietf-ipsp-config-policy-model-04.txt Date: Mon, 12 Nov 2001 07:04:36 -0500 From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org To: IETF-Announce: ; CC: ipsec-policy@vpnc.org A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Policy Working Group of the IETF. Title : IPsec Configuration Policy Model Author(s) : J. Jason, L. Rafalow, E. Vyncke Filename : draft-ietf-ipsp-config-policy-model-04.txt Pages : 82 Date : 09-Nov-01 This document presents an object-oriented model of IPsec policy designed to: o facilitate agreement about the content and semantics of IPsec policy o enable derivations of task-specific representations of IPsec policy such as storage schema, distribution representations, and policy specification languages used to configure IPsec- enabled endpoints The schema described in this document models the IKE phase one parameters as described in [IKE] and the IKE phase two parameters for the IPsec Domain of Interpretation as described in [COMP, ESP, AH, DOI]. It is based upon the core policy classes as defined in the Policy Core Information Model (PCIM) [PCIM]. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ipsp-config-policy-model-04.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-ipsp-config-policy-model-04.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-ipsp-config-policy-model-04.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --------------A2E5ADD2B03942CE7292D7E2 Content-Type: Message/External-body; name="draft-ietf-ipsp-config-policy-model-04.txt" Content-Disposition: inline; filename="draft-ietf-ipsp-config-policy-model-04.txt" Content-Transfer-Encoding: 7bit --------------A2E5ADD2B03942CE7292D7E2-- From owner-ipsec-policy@mail.vpnc.org Wed Nov 14 00:55:20 2001 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA29285 for ; Wed, 14 Nov 2001 00:55:19 -0500 (EST) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id fAE4qKm26269 for ipsec-policy-bks; Tue, 13 Nov 2001 20:52:20 -0800 (PST) Received: from jxmls02.se.mediaone.net (jxmls02.se.mediaone.net [24.129.0.110]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fAE4qI826265 for ; Tue, 13 Nov 2001 20:52:18 -0800 (PST) Received: from [192.168.1.68] (rr-56-52-46.atl.attbroadband.com [66.56.52.46] (may be forged)) by jxmls02.se.mediaone.net (8.11.1/8.11.1) with ESMTP id fAE4uOP20861 for ; Tue, 13 Nov 2001 23:56:25 -0500 (EST) Mime-Version: 1.0 Message-Id: Date: Tue, 13 Nov 2001 23:48:30 -0500 To: ipsec-policy@vpnc.org From: Robert Story Subject: MIB questions Content-Type: text/plain; charset="us-ascii" Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: In the ikeActionTable, the ikeActionParametersName column is not an index, but has a MAX-ACCESS of not-accessible. I'm guessing this used to be an index and was missed. Otherwise, the DESCRIPTION clause should be updated to indicate where this value should come from. It would be nice if the xxxLastChanged columns were consistently named. Some are *LastChange, others are *LastChanged. From owner-ipsec-policy@mail.vpnc.org Wed Nov 14 13:09:56 2001 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA08540 for ; Wed, 14 Nov 2001 13:09:54 -0500 (EST) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id fAEGZ7m03085 for ipsec-policy-bks; Wed, 14 Nov 2001 08:35:07 -0800 (PST) Received: from wanderer.hardakers.net (IDENT:root@dns2.hardaker.davis.ca.us [168.150.190.2]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fAEGZ5803080 for ; Wed, 14 Nov 2001 08:35:05 -0800 (PST) Received: (from hardaker@localhost) by wanderer.hardakers.net (8.11.6/8.11.6) id fAEGUpJ01950; Wed, 14 Nov 2001 08:30:51 -0800 X-Authentication-Warning: wanderer.hardakers.net: hardaker set sender to wes@hardakers.net using -f To: Robert Story Cc: ipsec-policy@vpnc.org Subject: Re: MIB questions References: From: Wes Hardaker Organization: Network Associates - NAI Labs X-Face: #qW^}a%m*T^{A:Cp}$R\"38+d}41-Z}uU8,r%F#c#s:~Nzp0G9](s?,K49KJ]s"*7gvRgA SrAvQc4@/}L7Qc=w{)]ACO\R{LF@S{pXfojjjGg6c;q6{~C}CxC^^&~(F]`1W)%9j/iS/ IM",B1M.?{w8ckLTYD'`|kTr\i\cgY)P4 Date: Wed, 14 Nov 2001 08:30:51 -0800 In-Reply-To: (Robert Story's message of "Tue, 13 Nov 2001 23:48:30 -0500") Message-ID: Lines: 20 User-Agent: Gnus/5.090004 (Oort Gnus v0.04) XEmacs/21.4 (Civil Service, i686-pc-linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: >>>>> On Tue, 13 Nov 2001 23:48:30 -0500, Robert Story said: Robert> In the ikeActionTable, the ikeActionParametersName column is Robert> not an index, but has a MAX-ACCESS of not-accessible. I'm Robert> guessing this used to be an index and was missed. Otherwise, Robert> the DESCRIPTION clause should be updated to indicate where Robert> this value should come from. Fixed. Robert> It would be nice if the xxxLastChanged columns were consistently named. Robert> Some are *LastChange, others are *LastChanged. Fixed (+d) -- Wes Hardaker NAI Labs Network Associates From owner-ipsec-policy@mail.vpnc.org Wed Nov 14 15:58:35 2001 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA16330 for ; Wed, 14 Nov 2001 15:58:35 -0500 (EST) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id fAEK2Ej17865 for ipsec-policy-bks; Wed, 14 Nov 2001 12:02:14 -0800 (PST) Received: from freesnmp.com (IDENT:root@sps-c1s5p9.dca1.superb.net [207.228.250.93]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fAEK2C817861 for ; Wed, 14 Nov 2001 12:02:13 -0800 (PST) Received: (from rks@localhost) by freesnmp.com (8.9.3/8.9.3) id OAA04881; Wed, 14 Nov 2001 14:59:14 -0500 Date: Wed, 14 Nov 2001 14:59:14 -0500 From: Robert Story To: Wes Hardaker Cc: ipsec-policy@vpnc.org Subject: Re: MIB questions Message-ID: <20011114145914.A3980@freesnmp.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from wes@hardakers.net on Wed, Nov 14, 2001 at 08:30:51AM -0800 Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: On Wed, Nov 14, 2001 at 08:30:51AM -0800, Wes Hardaker wrote: > peGroupName description refers to non-existent table policyIPsecRulesInGroupTable (guessing it should now be policyRuleDefinitionTable?) From owner-ipsec-policy@mail.vpnc.org Thu Nov 15 08:05:08 2001 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA20770 for ; Thu, 15 Nov 2001 08:05:06 -0500 (EST) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id fAFC2QM22870 for ipsec-policy-bks; Thu, 15 Nov 2001 04:02:26 -0800 (PST) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fAFC2O822865 for ; Thu, 15 Nov 2001 04:02:24 -0800 (PST) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA17927; Thu, 15 Nov 2001 07:02:23 -0500 (EST) Message-Id: <200111151202.HAA17927@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ipsec-policy@vpnc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-ipsp-msme-00.txt Date: Thu, 15 Nov 2001 07:02:23 -0500 Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Policy Working Group of the IETF. Title : Multidimensional Security Policy Management and Enhancements for IP Security Policy Author(s) : M. Condell Filename : draft-ietf-ipsp-msme-00.txt Pages : 17 Date : 14-Nov-01 This document describes the requirements and architecture for supporting security policy resolution among a coalition of partners. It then discusses how solutions necessary for the coalition resolution problem may be utilized to improve the on-going development of an IPSP solution. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ipsp-msme-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-ipsp-msme-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-ipsp-msme-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20011114144558.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-ipsp-msme-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-ipsp-msme-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20011114144558.I-D@ietf.org> --OtherAccess-- --NextPart-- From owner-ipsec-policy@mail.vpnc.org Mon Nov 19 21:22:23 2001 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA07346 for ; Mon, 19 Nov 2001 21:22:17 -0500 (EST) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id fAJNgjg00578 for ipsec-policy-bks; Mon, 19 Nov 2001 15:42:45 -0800 (PST) Received: from redcreek4.redcreek.com (fw.redcreek.com [209.218.199.28] (may be forged)) by above.proper.com (8.11.6/8.11.3) with ESMTP id fAJNgW800570 for ; Mon, 19 Nov 2001 15:42:43 -0800 (PST) Received: by redcreek4.redcreek.com with Internet Mail Service (5.5.2653.19) id ; Mon, 19 Nov 2001 15:42:30 -0800 Received: from redcreek.com (host186.redcreek.com [209.218.26.186]) by exchange.redcreek.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id WMRSBF9C; Mon, 19 Nov 2001 15:44:21 -0800 Message-ID: <3BF999D8.61C6B2E6@redcreek.com> Date: Mon, 19 Nov 2001 15:46:32 -0800 From: Ricky Charlet Organization: Redcreek Communications X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.2-2 i686) X-Accept-Language: en MIME-Version: 1.0 To: ".ipsec-policy" Subject: plans for updated policy schema after new IKE work? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: Content-Transfer-Encoding: 7bit Howdy, How would our new IKE/IKE-replacement drafts affect the IPsecPolicy schema? Would we ratify these as is and do other schema docs later? Or would we hold these current schema docs in check untill we find out how the IKE protocol will look in the near future? Just asking... and I hope not to start any flame wars. I ask because as one of the co-authors of the IPsec Configuration MIB doc, I would be interested to know if we will have to work to move our doc into compliance with a possible new policy schema. -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." Benjamin Franklin Ricky Charlet : SonicWall Inc. : usa (510) 497-2103 From owner-ipsec-policy@mail.vpnc.org Wed Nov 21 17:09:24 2001 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA10665 for ; Wed, 21 Nov 2001 17:09:23 -0500 (EST) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id fALKwU020268 for ipsec-policy-bks; Wed, 21 Nov 2001 12:58:30 -0800 (PST) Received: from D2CSPIMG001.smartpipes.com (d2cspimg001.smartpipes.com [63.89.185.24]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fALKwT820262 for ; Wed, 21 Nov 2001 12:58:29 -0800 (PST) Received: by D2CSPIMG001.smartpipes.com with Internet Mail Service (5.5.2653.19) id <44MDDM5F>; Wed, 21 Nov 2001 20:58:26 -0000 Message-ID: <4652644B98DFF34696801F8F3070D3FE01188456@D2CSPEXM001.smartpipes.com> From: "Wang, Cliff" To: ipsec-policy@vpnc.org Subject: FW: ppvpn I-D ACTION:draft-wang-cevpn-group-00.txt Date: Wed, 21 Nov 2001 20:58:17 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C172CF.3E7953E0" Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01C172CF.3E7953E0 Content-Type: text/plain We had produced a new draft discussing the use of VPN group in VPN planning and provisioning. In real world deployment, we find the necessity of deploying VPN belong simple topologies. We need a way to model and provision complex VPN. Group based VPN policy could potentially serve the purpose. Although this draft is submitted to the PPVPN WG, we would like to get input from this list. Your comments on the draft are greatly appreciated. -----Original Message----- From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org] Sent: Monday, November 19, 2001 8:32 AM Cc: ppvpn@zephion.net Subject: ppvpn I-D ACTION:draft-wang-cevpn-group-00.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : VPN Group Support for CE-based IPsec VPN Author(s) : C. Wang Filename : draft-wang-cevpn-group-00.txt Pages : Date : 16-Nov-01 IPsec tunneling provides a site-to-site connection when building a CE-based IPsec VPN. In a large scale VPN deployment, especially when a service provider manages a large number VPNs, there is a need to manage IPsec tunnels on a group basis, instead of on a tunnel basis. This document describes the definition of a VPN group, its attributes, and usage of VPN group when managing IPsec tunnels. By grouping IPsec tunnels and sites into an IPsec VPN group, service providers can design, provision, and manage the IPsec-based CE VPN at both group level and tunnel/site level. This gives service providers more flexibility and provides more aggregation capability to reduce operation complexity. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-wang-cevpn-group-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-wang-cevpn-group-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-wang-cevpn-group-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. ------_=_NextPart_000_01C172CF.3E7953E0 Content-Type: message/rfc822 To: Subject: Date: Wed, 21 Nov 2001 20:58:26 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/mixed; boundary="----_=_NextPart_002_01C172CF.3E7953E0" ------_=_NextPart_002_01C172CF.3E7953E0 Content-Type: text/plain ------_=_NextPart_002_01C172CF.3E7953E0 Content-Type: application/octet-stream; name="ATT14719" Content-Disposition: attachment; filename="ATT14719" Content-type: message/external-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20011116142540.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-wang-cevpn-group-00.txt ------_=_NextPart_002_01C172CF.3E7953E0 Content-Type: message/external-body; site="internet-drafts"; dir="draft-wang-cevpn-group-00.txt"; mode="ftp.ietf.org"; access-type="anon-ftp" ------_=_NextPart_002_01C172CF.3E7953E0-- ------_=_NextPart_000_01C172CF.3E7953E0-- From owner-ipsec-policy@mail.vpnc.org Wed Nov 21 18:36:34 2001 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA13453 for ; Wed, 21 Nov 2001 18:36:33 -0500 (EST) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id fALMUlT26207 for ipsec-policy-bks; Wed, 21 Nov 2001 14:30:47 -0800 (PST) Received: from wanderer.hardakers.net (IDENT:root@dns2.hardaker.davis.ca.us [168.150.190.2]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fALMUi826202 for ; Wed, 21 Nov 2001 14:30:44 -0800 (PST) Received: (from hardaker@localhost) by wanderer.hardakers.net (8.11.6/8.11.6) id fALLQ3c01517; Wed, 21 Nov 2001 13:26:04 -0800 X-Authentication-Warning: wanderer.hardakers.net: hardaker set sender to wes@hardakers.net using -f To: Ricky Charlet Cc: ".ipsec-policy" Subject: Re: plans for updated policy schema after new IKE work? References: <3BF999D8.61C6B2E6@redcreek.com> From: Wes Hardaker Organization: Network Associates - NAI Labs X-Face: #qW^}a%m*T^{A:Cp}$R\"38+d}41-Z}uU8,r%F#c#s:~Nzp0G9](s?,K49KJ]s"*7gvRgA SrAvQc4@/}L7Qc=w{)]ACO\R{LF@S{pXfojjjGg6c;q6{~C}CxC^^&~(F]`1W)%9j/iS/ IM",B1M.?{w8ckLTYD'`|kTr\i\cgY)P4 Date: Wed, 21 Nov 2001 13:26:03 -0800 In-Reply-To: <3BF999D8.61C6B2E6@redcreek.com> (Ricky Charlet's message of "Mon, 19 Nov 2001 15:46:32 -0800") Message-ID: Lines: 30 User-Agent: Gnus/5.090004 (Oort Gnus v0.04) XEmacs/21.4 (Civil Service, i686-pc-linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: >>>>> On Mon, 19 Nov 2001 15:46:32 -0800, Ricky Charlet said: Ricky> How would our new IKE/IKE-replacement drafts affect the Ricky> IPsecPolicy schema? Would we ratify these as is and do other Ricky> schema docs later? Or would we hold these current schema docs Ricky> in check untill we find out how the IKE protocol will look in Ricky> the near future? Ricky> Just asking... and I hope not to start any flame wars. I ask Ricky> because as one of the co-authors of the IPsec Configuration MIB Ricky> doc, I would be interested to know if we will have to work to Ricky> move our doc into compliance with a possible new policy schema. Ricky, I think that the data model and the MIB can both handle being modified in a fairly minor way in order to reflect new IKE replacements, assuming something drastic isn't done to the fundamental philosophy. You probably haven't read either of the documents in quite a while, but I suspect that they're already fairly well set up to simply add in a new "son-of-ike" plugin set to deal with this. This is simplifying it a bit, of course, but in general I still think it's roughly true. Plus, I doubt we can plan for the future to such a point that we can start fixing things now before the new-IKE-authors have broken things ;-) -- Wes Hardaker NAI Labs Network Associates From owner-ipsec-policy@mail.vpnc.org Thu Nov 22 04:22:09 2001 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA11212 for ; Thu, 22 Nov 2001 04:22:09 -0500 (EST) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id fAM8YPd02871 for ipsec-policy-bks; Thu, 22 Nov 2001 00:34:25 -0800 (PST) Received: from cisco.com (brussels.cisco.com [144.254.15.68]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fAM8YO802865 for ; Thu, 22 Nov 2001 00:34:24 -0800 (PST) Received: from EVYNCKE-W2K.cisco.com (evyncke-isdn-home.cisco.com [10.49.1.170]) by cisco.com (8.8.8+Sun/8.8.8) with ESMTP id JAA21992; Thu, 22 Nov 2001 09:34:15 +0100 (MET) Message-Id: <4.3.2.7.2.20011122091302.0222f520@brussels.cisco.com> X-Sender: evyncke@brussels.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 22 Nov 2001 09:18:21 +0100 To: Ricky Charlet From: Eric Vyncke Subject: Re: plans for updated policy schema after new IKE work? Cc: ".ipsec-policy" In-Reply-To: <3BF999D8.61C6B2E6@redcreek.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: Ricky, Actually, Luis and us have given some thinking about the impact of the new IKE work. The -04 version of ICPM has even a change for it: - a class SANegotiationAction: which should be the super class of all IKE & KINK & JFK of the world - a class IKENegotiaionAction: which is a sub-class of SANegotiationAction for IKE (phases 1 & 2) This should work for KINK at the time of writing -04. I still have to look into JFK but extension to JFK should be pretty easy as long as JFK respects RFC 2401. ICPM is mostly about SPD. On another point of view, I really doubt that the IKEng will be implemented before months and, as I'm more from the deployment side of IPSec, I have strong doubts whether IPSec users will ever deploy the new IKE... Just my 0.50 BEF (soon to be 0.01 EUR) -eric At 15:46 19/11/2001 -0800, Ricky Charlet wrote: >Howdy, > > How would our new IKE/IKE-replacement drafts affect the IPsecPolicy >schema? Would we ratify these as is and do other schema docs later? Or >would we hold these current schema docs in check untill we find out how >the IKE protocol will look in the near future? > > Just asking... and I hope not to start any flame wars. I ask > because as >one of the co-authors of the IPsec Configuration MIB doc, I would be >interested to know if we will have to work to move our doc into >compliance with a possible new policy schema. > > >-- >"They that can give up essential liberty to obtain a little temporary >safety deserve neither liberty nor safety." Benjamin Franklin > > Ricky Charlet : SonicWall Inc. : usa (510) 497-2103 From owner-ipsec-policy@mail.vpnc.org Fri Nov 30 07:18:57 2001 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA06132 for ; Fri, 30 Nov 2001 07:18:57 -0500 (EST) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id fAUAvoL11588 for ipsec-policy-bks; Fri, 30 Nov 2001 02:57:50 -0800 (PST) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fAUAvm811579 for ; Fri, 30 Nov 2001 02:57:49 -0800 (PST) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA02100; Fri, 30 Nov 2001 05:57:44 -0500 (EST) Message-Id: <200111301057.FAA02100@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ipsec-policy@vpnc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-ipsp-ipsec-conf-mib-02.txt Date: Fri, 30 Nov 2001 05:57:43 -0500 Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Policy Working Group of the IETF. Title : IPsec Policy Configuration MIB Author(s) : M. Baer et al. Filename : draft-ietf-ipsp-ipsec-conf-mib-02.txt Pages : 79 Date : 29-Nov-01 This document defines a configuration MIB for IPsec [IPSEC]/IKE [IKE] policy. It does not define MIBs for monitoring the state of an IPsec device. It does not define MIBs for configuring other policy related actions. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ipsp-ipsec-conf-mib-02.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-ipsp-ipsec-conf-mib-02.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-ipsp-ipsec-conf-mib-02.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20011129143743.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-ipsp-ipsec-conf-mib-02.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-ipsp-ipsec-conf-mib-02.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20011129143743.I-D@ietf.org> --OtherAccess-- --NextPart-- From owner-ipsec-policy@mail.vpnc.org Fri Nov 30 11:57:28 2001 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA21130 for ; Fri, 30 Nov 2001 11:57:28 -0500 (EST) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id fAUFxc705159 for ipsec-policy-bks; Fri, 30 Nov 2001 07:59:38 -0800 (PST) Received: from sentry.gw.tislabs.com (firewall-user@sentry.gw.tislabs.com [192.94.214.100]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fAUFxb805152 for ; Fri, 30 Nov 2001 07:59:37 -0800 (PST) Received: by sentry.gw.tislabs.com; id LAA18614; Fri, 30 Nov 2001 11:04:38 -0500 (EST) Received: from raven.gw.tislabs.com(10.33.1.50) by sentry.gw.tislabs.com via smap (V5.5) id xma018579; Fri, 30 Nov 01 11:04:24 -0500 Received: (from balenson@localhost) by raven.gw.tislabs.com (8.11.6/8.11.6) id fAUFxOF21933 for ipsec-policy@vpnc.org; Fri, 30 Nov 2001 10:59:24 -0500 (EST) Date: Fri, 30 Nov 2001 10:59:24 -0500 (EST) Message-Id: <200111301559.fAUFxOF21933@raven.gw.tislabs.com> From: balenson@tislabs.com To: ipsec-policy@vpnc.org Subject: ANNOUNCE: ISOC Netw. & Distr. Sys. Security Symp. (NDSS'02) Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: R E G I S T E R N O W ! ! THE INTERNET SOCIETY'S 2002 NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS'02) February 7-8, 2002 Catamaran Resort Hotel, San Diego, California General Chair: Cliff Neuman, USC Information Sciences Institute Program Chairs: Paul Van Oorschot, Entrust Virgil Gligor, University of Maryland ONLINE INFORMATION AND REGISTRATION: http://www.isoc.org/ndss02 EARLY REGISTRATION DISCOUNT DEADLINE: January 11, 2002 The 9th annual NDSS Symposium brings together researchers, implementers, and users of network and distributed system security technologies to discuss today's important security issues and challenges. The Symposium provides a mix of technical papers and panel presentations that describe promising new approaches to security problems that are practical and, to the extent possible, have been implemented. NDSS fosters the exchange of technical information and encourages the Internet community to deploy available security technologies and develop new solutions to unsolved problems. THIS YEAR'S TOPICS INCLUDE: * Wireless Security * Analyzing the Anonymity of Anonymous Networking Protocols * Intrusion Detection and Defending Against Network Attacks * Detecting Steganographic Content on the Web * Server-Aided Digital Signatures * PKI, Certificates and Privilege Management * Various Aspects of Transport Layer Security/TLS PRE-CONFERENCE TECHNICAL TUTORIALS: * Major IETF Security Standards: PKIX, IPsec, SSL/TLS, Dr. Stephen Kent * Crash Course in SSL and TLS, Mr. Eric Rescorla * Building Secure Software, Dr. Gary McGraw * Wirelss LAN Security: Problems & Solutions, Dr. William Arbaugh * Group Security, Dr. Thomas Harjono and Mr. Hugh Harney For further information about NDSS'02 REGISTRATION contact Michele Estadt at the Internet Society at +1-703-326-9880 ext 104 or send e-mail to infondss@isoc.org SPONSORSHIP OPPORTUNITIES AVAILABLE! Take advantage of this high visibility event. Contact Martin Kupres at the Internet Society EMEA office at +41 22 807 1444 or send e-mail to sponsorndss@isoc.org. THE INTERNET SOCIETY is a non-governmental organization for global cooperation and coordination for the Internet and its internetworking technologies and applications.