[e2e] Receiving RST on a MD5 TCP connection.

RJ Atkinson rja at extremenetworks.com
Mon Jul 4 02:17:20 PDT 2005


On Jul 1, 2005, at 13:15, Joe Touch wrote:
> RJ Atkinson wrote:
>> Along that line, it should be quite practical for someone to
>> write a "TCP MD5 Domain of Interpretation" specification to
>> permit the existing ISAKMP/IKE protocol to be used for this
>> purpose.
>>
>
> Agreed, however it's even easier to configure IKE to setup a transport
> association between BGP peers (which, as below, I presume you are
> referring to).

I am unclear what you mean by "setup a transport association".

To be clear, I was referring to the prospective use of IKE to provide
dynamic key management for the existing TCP MD5 authentication mechanism.
As near as I can tell, the only thing missing is a "Domain of
Interpretation" specification for how IKE is applied to TCP MD5.
IKE is nicely modular in this way, so IKE can be extended in a
straight-forward manner to things well beyond IPsec (which is the
main reason I have felt all along that IKE should have been done
in a different WG than the IPsec WG).

Ran


