[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: the silly bit
- To: ipsec@ans.net
- Subject: Re: the silly bit
- From: Theodore Ts'o <tytso@MIT.EDU>
- Date: Tue, 28 Feb 1995 21:41:35 +0500
- Address: 1 Amherst St., Cambridge, MA 02139
- In-Reply-To: William Allen Simpson's message of Tue, 28 Feb 95 21:33:26 GMT,<4061.bsimpson@morningstar.com>
- Phone: (617) 253-8091
Quite frankly, I'm a little bit puzzled by this whole discussion ---
what's the point of designating a bit which means "this SAID is
structured", when the structure of the SAID isn't being standardizied?
What are implementations supposed to do differently when they detect
that this bit is set?
Or is what's *really* going on is this bit is saying "this SAID is for
SKIP", and what we're *really* doing is reserving one bit for the
exclusive use of SKIP? That seems unacceptable to me.
If you need to do in-line key management, why can't that be done by
defining some new, optional transforms that include extra fields which
are especially designed for in-line key management, instead of trying to
kludge it into the SAID? Then, the SAID is used as it's originally
intended to be used --- as an index into a connection table which will
indicate how the rest of the packet needs to be processed --- including
any possible in-line key management, if necessary.
I'm not convinced that, as proposed, the reserved bit will actually do
any good (besides wasting one half of the SAID space).
- Ted
References:
- the silly bit
- From: "William Allen Simpson" <bsimpson@morningstar.com>