
Re: Granularity of authentication in swIPe



Phil,

	The scenarios I envision that might require lots of SAIDs are
ones in which IPSP is implemented at routers for large
organizations.  An organization may elect to assign a different SAID
for each (ultimate) source-destination address pair.  But SAIDs must
be unique on a S/D basis between the IPSP implementation points, in
this case the routers.  Thus there could be a need for many SAIDs
between a pair of IPSP-capable routers.  If the hosts behind the
routers are allowed to ask for finer granularity associations, e.g.,
per TCP connection, then the number could grow even more.

Steve

