I think we should *not* add this type. I don't see how a client and a gateway can agree on such a "locally meaningful name", without non-interoperable protocols (or configuration databases). And I don't think we should add this new concept, of all places, to the Redirect draft.
But of course we should reserve a portion of the new ID Type registry for private use.
Thanks,
Yaron
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of
> Vijay Devarapalli
> Sent: Saturday, May 30, 2009 0:51
> To: Yoav Nir; Tero Kivinen
> Cc: [email protected]
> Subject: Re: [IPsec] Some comments about redirect
>
> Ok.
>
> Anyone else have any comments on including "4 - Locally Meaningful Name"?
>
> Vijay
>
>
> On 5/27/09 3:14 PM, "Yoav Nir" wrote:
>
> > The client has to have a PAD that includes the gateways.
> >
> > Our implementation has the client downloading the configuration (by a
> > proprietary protocol) that includes the gateway names (and how to find them -
> > IP address or DNS name). These gateway names can optionally be shown to the
> > user in the GUI. In any case, the client is as aware of the names as the
> > gateways.
> > ________________________________________
> > From: Vijay Devarapalli [[email protected]]
> > Sent: Thursday, May 28, 2009 01:04
> > To: Yoav Nir; Tero Kivinen
> > Cc: [email protected]
> > Subject: Re: [IPsec] Some comments about redirect
> >
> > Hi Yoav,
> >
> > On 5/27/09 3:11 AM, "Yoav Nir" wrote:
> >
> >> OK. In that case I would add to the initial registry
> >>
> >> 4 - locally meaningful name
> >
> > The client should be able to resolve this "locally meaningful name" to an IP
> > address to which it can initiate a new IKE_SA_INIT exchange. These "locally
> > meaningful names" might make sense to the pool of IKEv2 gateways, but would
> > it make sense to the client? How does the client figure out what the new VPN
> > gateway is?
> >
> > Am I missing something?
> >
> > Vijay
> >
> >>
> >> In our product, the gateways have "names" that appear both in the GUI and the
> >> configuration files (and logs). It's easier for them to fetch another
> >> gateway's "object" by name than by IP address. Such a name could be ASCII or
> >> UTF-8.
> >> ________________________________________
> >> From: Tero Kivinen [[email protected]]
> >
>
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
