[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re[2]: Granularity of authentication in swIPe

To: Phil Karn <karn@qualcomm.com>
Subject: Re: Re[2]: Granularity of authentication in swIPe
From: Steve Kent <kent@BBN.COM>
Date: Mon, 27 Jun 94 10:06:45 -0400
Cc: ipsec@ans.net
In-Reply-To: Your message of Fri, 24 Jun 94 17:20:10 -0700. <199406250020.RAA26333@servo.qualcomm.com>

Phil,

	I realize that the swIPe model calls for the ultimate source
and destination addresses to be part of the SAID, but that is not the
general model for SAIDs.  By including the S/D address in the SAID,
one imposes some limitations on policies for key menagement
granularity.  That's why I have not assumed any use of addresses in
conjunction with the SAID, as additional qualifiers.

Steve

References:

Re: Re[2]: Granularity of authentication in swIPe

From: Phil Karn <karn@qualcomm.com>

Prev by Date: Re: Re[2]: Granularity of authentication in swIPe
Next by Date: Re: swIPe comments
Prev by thread: Re: Re[2]: Granularity of authentication in swIPe
Next by thread: Re: Granularity of authentication in swIPe
Index(es):
- Main
- Thread