
Re: reserving some SAIDs




"Donald E. Eastlake 3rd (Beast)" says:
> To my mind, any complete IP security proposal must make it possible to
> send an isolated datagram without end to end set up.  This sort of
> thing is the only way I can see to achieve that.

You have to exchange packets with KDCs or key servers to get keys, so
you are already experiencing some traffic overhead. SAID setup can
likely be accomplished with the exchange of one datagram -- this is
hardly high overhead, especially since a SAID is typically a fairly
long-lived thing compared to the length of the exchange.

The model, as I understood it originally, was that SAIDs were assigned
by the receiver in any way the receiver saw fit. Is there a really
good reason to abandon this?

Perry

