[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: Re: Per-socket policy and ISAKMP
From: Stephen Kent <kent () bbn ! com>
Date: 1998-01-23 23:20:22
[Download RAW message or body]
Dan,
The model I've been assuming calls for the SPD to be consulted when
a new SA is created, irrespective of whether one is the initiator or
responder. If the intent of the local policy is to require SHA-1 for all
SAs, then that should be reflected in the policy database and I would
suggest that it result in a failed ISAKMP negotiation, to avoid later
discarding of packets.
Steve
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic