[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Routing

To: ipsec@ans.net
Subject: Routing
From: "William Allen Simpson" <Bill.Simpson@um.cc.umich.edu>
Date: Fri, 17 Mar 95 12:19:42 GMT

> From: throop@dg-rtp.dg.com (Dean D. Throop)
> We may lose some routing flexability this way.  A router might get a
> secret message with a SAID that means secret or top secret and not be
> able to send it on the secret line.
>
There seems to be a very serious misconception about a SAID here.  This
may be because the term SAID is used in other contexts, and we should use
another term for IPSec (I complained about this long ago).

SAIDs are relative to the Destination.  No intermediate router knows the
meaning of the SAID.  No router can use a SAID in its routing decisions.

In the event that a Source wishes to specify a particular route for a
packet to travel, it needs to use a Source Route, or another policy-based
routing mechanism such as IDPR and Nimrod.  Routing is outside the scope
of this WG.


> However by abstracting all the MAC
> info into the SAID, off the shelf routers that know about SAIDs can be
> used.
>
First, this is inapplicable, since routers don't need to know about SAIDs.

Second, it would help if you used the terminology in the drafts.  MAC is
not a term used in this context.  SAIDs will not encode Media Access
Control information.  (Yes, _I_ know you meant "Message Authentication
Code", but that implies the _result_ of the hash, which is called
"Authentication Data" in our drafts.  Only the authentication _mechanism_
is indicated by our SAID.)

You have _read_ the drafts, haven't you?

Bill.Simpson@um.cc.umich.edu

Follow-Ups:

Re: Routing

From: Andy Bayerl <bayerl@zk3.dec.com>

Prev by Date: Re: (IPng) More Endpoint Attributes
Next by Date: Re: Routing
Prev by thread: subscribe
Next by thread: Re: Routing
Index(es):
- Main
- Thread