[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Granularity of authentication in swIPe
Steve Kent says:
> The scenarios I envision that might require lots of SAIDs are
> ones in which IPSP is implemented at one routers for large
> organizations. An organization may elect to assign a different SAID
> for each (ultimate) source-destination address pair. But SAIDs must
> be unique on a S/D basis between the IPSP implementation points, in
> this case the routers. Thus there could be a need for many SAIDs
> between a pair of IPSP-capable routers. If the hosts behind the
> routers are allowed to ask for finer granularity associations, e.g.,
> per TCP connection, then the number could grow even more.
Steve;
Follow-Ups:
References: