
Re: ISAKMP DOI Question (General, Not IP Specific)



> Date:          Wed, 18 Dec 1996 11:51:54 -0500
> From:          ho@earth.hpc.org (Hilarie Orman)
> To:            weaver@hydra.dra.hmg.gb
> Cc:            ipsec@tis.com
> Subject:       Re: ISAKMP DOI Question (General, Not IP Specific)

> >   > - There can only be one SA between two machines at a given time.
> 
> >   I suppose this depends on who owns the SA i.e. if the owner of an SA 
> >   is identified by the IP addr only (and a host only has one IP addr) 
> >   then IMHO there can be only one pair of unidirectional SAs between any pair of 
> >   machines.
> 
> Why?  The SA has an identifier; you can have several SAs for the same identities
> without fear of confusion.
> 
> 


On the down call (or outbound), there is no notion of a SPI; the information 
available to identify an SA is Dest Addr and Port No (and possibly 
user id).

****************************************************

Elfed T. Weaver
Defence Research Agency
Malvern
UK

weaver@hydra.dra.hmg.gb

