On Mon, 19 Nov 2007, Paul Moore wrote:

> Needless to say this is a problem and we need to move away from using the
> IKE/IPsec attribute value of "10" as soon as possible. Further, simply
> picking a new number is not a good solution, we should really petition IANA
> to get an attribute number assigned for this purpose. However, doing so will
> most likely require documenting the Linux Labeled IPsec design and submitting
> it to the IETF as a draft specification for approval[4].

How likely is this approach to be viable, given the moratorium on ISAKMP/IKE v1
features?

> If this is not
> possible we will need to start investigating alternatives as "poaching"
> existing standards is not a viable, maintainable solution.

Note (from http://www.iana.org/assignments/isakmp-registry)

"The values 32001-32767 are reserved for private use amongst cooperating
systems."

If we can't get an official number for use with IKEv1, then perhaps this
will be our only option.

- James
--
James Morris <jmorris@xxxxxxxxx>