[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (IPng) out-of-band key management is like virtual ...

"Housley, Russ" says:
> >As clearly described in the drafts, SAIDs are assigned at the pleasure 
> >of the entity controlling the destination address. The us of "entity 
> >controlling" rather than "destination host" was deliberate -- it was 
> >there because of multicast.
> I agree that the SAID must me assigned by the entity controlling the 
> destination address.  In fact, this is exactly my point.  Key management 
> will do something different to establish a security association for two 
> IPSP peers than to establish a multicast security association.
> The IPSP processing may well be identical once those security associations 
> are in place.

If you agree with that, then you are necessarily supporting the point
that structured SAIDs are not needed for multicast.