
Re: SIPP and SKIP. 2 subjects.



Ashar,

	I'm a bit confused by the comments about SAIDs being reserved
to indicate a particular key exchange.  The idea of an SAID is that it
is selected by the local IPSP entity (IPSPE?) for use as the SOLE
selector for security transformation processing for incoming packets.
(This ignores multicast security associations for the moment.
Multicast SAIDs will require more than purely local selection, as they
need to be unique across all multicast recipients.) Assuming that an
IPSPE uses the same key management technique for multiple SAs, then it
cannot use the same SAID to identify all of these SAs.  It may elect
to encode info about the key management technique in these SAIDs,
since any structure is purely a local matter, but it cannot use the
same SAID for multiple, distinct SAs.

	Was the focus of this discussion the use of SAIDs for the SA
negotiation packets?  I don't think we have talked about how the
packets exchanged for SA negotiation are handled, so far, e.g. what
protocol ID is appropriate for them, how are they "bypassed" through
the IPSP layer, etc.

Steve

