[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (IPng) out-of-band key management is like virtual ...

To: solo@BBN.COM
Subject: Re: (IPng) out-of-band key management is like virtual ...
From: Charles Lynn <clynn@BBN.COM>
Date: Wed, 8 Mar 95 11:02:42 EST
Cc: ipng@sunroof.eng.sun.com, ipsec@ans.net

Folks,

> Without such a designator, how do you expect to handle these
> cases?

Maybe what would be useful would be to allot part of the SAID space
for "not assigned by the destination system" (but not implying any
particular "structure").  I think this would make assignment easier.

Whether or not such an allocation is made, an implementation should be
able to solve the collision problem by making <SAID, destination
address> the key, instead of simply <SAID>.  Then multicast
address(es) and locally assigned unicast address(es) could have the
same 32-bit SAID without "collision".  One might also want some
wildcard address that would match any of the system's unicast
addresses (but not any multicast address); a question for the security
experts.

Charlie

Follow-Ups:

Re: (IPng) out-of-band key management is like virtual ...

From: "Perry E. Metzger" <perry@imsi.com>

Prev by Date: Re: (IPng) out-of-band key management is like virtual ...
Next by Date: Re: (IPng) out-of-band key management is like virtual ...
Prev by thread: Re: (IPng) out-of-band key management is like virtual ...
Next by thread: Re: (IPng) out-of-band key management is like virtual ...
Index(es):
- Main
- Thread