
Re: SAIDs and formats



Antony,


	The algorithm-dependent control info that Ran was referring to
is variable on a per-message basis, and thus cannot be subsumed by
reference through the SAID.  For example, an encryption mode that
requires a per-packet IV or padding that is required to match an
algorithm's block size would go in these areas.

	The SAID will indicate which services are employed and so it
can be used to indicate whether encryption and/or integrity checking
transforms have been applied.  However, if the representation needed
for integrity for all traffic (as a default), and which is intended to
live in the IP header, conflicts with some of the requirements for an
explicit IPSP layer, then using different IDs seems appropriate.

Steve