Re: key management
Hilarie Orman says:
> > On the receive side, the network layer passes
> > the SAID up with the (decrypted) packet so that the transport can
> > compare the SAID against the one it is supposed to be using for the
> > socket in question.
>
> Do you mean that the transport layer checks that the user id associated
> with the SAID is the same as the user id associated with the socket?
No. The socket could only be bound to a particular SAID by the owner
of the SAID -- that check need only be done once. The transport need
merely make sure that if it has been set to use a SAID for its work
that the network layer's idea of what SAID was being used is the same
as its own.
Perry
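
The scheme described in this message, sketched as an added example that is not part of the original post or of any implementation it refers to: ownership of the SAID is checked once when the socket is bound, and each received packet then needs only a comparison of SAIDs. All type names, function names, the table contents, and the choice to deliver packets on sockets with no SAID bound are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types; every name and value here is constructed. */
typedef uint32_t said_t;
#define SAID_NONE 0u

struct sa_entry { said_t said; unsigned owner_uid; };  /* network-layer SA record */
struct sock_sec { unsigned uid; said_t bound_said; };  /* per-socket security state */
enum verdict { DELIVER, DROP_SAID_MISMATCH };

/* Constructed sample SA table: SAID -> owning user id. */
static const struct sa_entry sa_table[] = { { 0x1001, 500 }, { 0x1002, 501 } };

static const struct sa_entry *sa_lookup(said_t said)
{
    for (size_t i = 0; i < sizeof sa_table / sizeof sa_table[0]; i++)
        if (sa_table[i].said == said)
            return &sa_table[i];
    return NULL;
}

/* Bind time: the only place the user id is consulted. 0 = bound, -1 = refused. */
int sock_bind_said(struct sock_sec *sk, said_t said)
{
    const struct sa_entry *sa = sa_lookup(said);
    if (said == SAID_NONE || sa == NULL || sa->owner_uid != sk->uid)
        return -1;
    sk->bound_said = said;
    return 0;
}

/* Receive path: pkt_said is what the network layer passed up with the
 * decrypted packet. No ownership lookup here, only the comparison. */
enum verdict transport_input(const struct sock_sec *sk, said_t pkt_said)
{
    if (sk->bound_said == SAID_NONE)   /* assumption: socket not set to use a SAID */
        return DELIVER;
    return pkt_said == sk->bound_said ? DELIVER : DROP_SAID_MISMATCH;
}

int main(void)
{
    struct sock_sec sk = { 500, SAID_NONE };
    printf("bind to another user's SAID: %d\n", sock_bind_said(&sk, 0x1002));
    printf("bind to own SAID: %d\n", sock_bind_said(&sk, 0x1001));
    printf("packet under wrong SAID: %d\n", transport_input(&sk, 0x1002));
    return 0;
}
```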