Multicast SAID

["William Allen Simpson" <bsimpson@morningstar.com>]

> From: solo@BBN.COM
> In the discussions of SAID "structure" there are a couple of cases
> which I haven't been able to reconcile.  I agree that in general,
> SAIDs are assigned by the destination for unicast traffic.

> This
> doesn't seem to always translate to multicast traffic.
> In such a case, absent any structure to the
> SAID, it is possible that it will collide with an SAID I have
> assigned.  I thought it was this case that argued for some bit (either
> "originator assigned" or "multicast group") in the SAID.
>
In this case, the "bit" is actually the whole Destination field.  You
already know whether the Destination is a multicast address.

I don't see how it could possibly conflict.  If you have joined the
multicast group properly, you will know the SAID (or SAIDs) for that
group.  If you just assign SAIDs willy nilly, why of course you will
have a conflict!

Did you actually read ESP?

   A session between two nodes will normally have two SAID values (one
   in each direction).  The nodes use the combination of SAID and IP
   Destination to distinguish the correct association.

      By having the Destination select the SAID value, conflicts are
      avoided between manually configured and automatically configured
      Security Associations (when using a key management protocol).

      A given Destination is not necessarily in control of the
      negotiation process.  In the case of multicast groups, a single
      node or cooperating subset of the multicast group may work on
      behalf of the entire group to set up a Security Association.

Bill.Simpson@um.cc.umich.edu

---

• Prev by Date: Re: (IPng) Re: out-of-band key management is like virtual circuits
• Next by Date: Re: multicasting & SAIDs
• Prev by thread: Re: (IPng) out-of-band key management is like virtual ...
• Next by thread: user-to-user vs. host-to-host keying
• Index(es):
  • Main
  • Thread