[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SMBs "Problem Areas for the IP Security Protocols"--where do we go from here?

To: "marcus (m.d.) leech" <mleech@bnr.ca>
Subject: Re: SMBs "Problem Areas for the IP Security Protocols"--where do we go from here?
From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
Date: Fri, 22 Mar 1996 14:59:11 -0500
Cc: ipsec@ans.net
In-Reply-To: mleech's message of Fri, 22 Mar 1996 10:46:00 -0500. <199603221546.AA242249560@bcarh6dc.ott.bnr.ca>
Sender: ipsec-request@neptune.tis.com

-----BEGIN PGP SIGNED MESSAGE-----

content-type: text/plain; charset=us-ascii

I saw at least one other important observation of Steve's: 

The IP layer deals with one-way datagrams, but just about anything
non-trivial above the IP layer involves two-way communication at some
point (Ok, the mbone broadcasts of NASA select are one-way, but that's
an exception..), and it's important to correctly associate a message
with its reply.

therefore, there must be some facility in the key management protocol
to allow SPI's to be "paired", so that an "incoming SPI" can be
associated with a "outgoing SPI", with the result that replies to
incoming traffic received using the incoming SPI are sent using the
outgoing SPI.

I'm not quite sure how this generalizes to multicast traffic.

					- Bill




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVMGg1pj/0M1dMJ/AQEHlQP9GdOZzCRv9UQ85lyLM2OL9SOPYNH0co97
8M7+5la6TV9ZCfqoeyUjY+iG+Qib4v36quFbmq2pqHo7tY5XxOPDXVdSvz4aa8eJ
BT8ly7J+aqDN1Ed0UddyXUA4S58PlQJKb/pSIH2Ju0w2xSE5n2RlkhTqfsj8FKim
5Pk0sWYmqPE=
=0NLi
-----END PGP SIGNATURE-----

References:

SMBs "Problem Areas for the IP Security Protocols"--where do we go from here?

From: "marcus (m.d.) leech" <mleech@bnr.ca>

Prev by Date: Request for Implementation Status
Next by Date: IPsec Implementation
Prev by thread: SMBs "Problem Areas for the IP Security Protocols"--where do we go from here?
Next by thread: IPsec Implementation Survey - March 22
Index(es):
- Main
- Thread