
Re: draft-ietf-ipsec-des-md5-00.txt



Ran, thank you very much for the explanation. RFC1825 does say that
an SPI and a destination address uniquely identify an SA. I think
it would be better to explicitly state this "uni-directional" nature
of an SA.

Regards, Pau-Chen

> From: Ran Atkinson <rja@cisco.com>
> Message-Id: <199605011637.JAA17389@puli.cisco.com>
> To: pau@watson.ibm.com
> Subject: Re: draft-ietf-ipsec-des-md5-00.txt
> In-Reply-To: <9605011423.AA20212@secpwr.watson.ibm.com>
> Organization: cisco Systems, Inc., Menlo Park, Ca.
> Cc: ipsec@TIS.COM
> Sender: ipsec-approval@neptune.tis.com
> Precedence: bulk
> Content-Length: 808
> Status: RO
> 
> Pau,
> 
>   RFC-1825 has always said that an IPsec Security Association is
> unidirectional, not bidirectional.  Keys are one element of an IPsec
> Security Association.  So my reading of RFC-1825 is that it already says
> that a key will normally be unidirectional.  In general, folks should
> keep in mind that a Security Association contains a lot more than key
> material.
> 
>   If you think that this needs to be made more clear, then I have no
> problems with clarifying the text when the other editorial changes get made
> to 1825-1827 (these are coming soon, but I haven't yet made the accumulated
> editorial changes).  Once I get the editorial changes in hand made, new
> I-Ds will go out so that people can review the I-Ds and remind me of
> whichever changes need to be made but have not yet been made.
> 
> Ran
> rja@cisco.com
>