
Re: How many algorithms per SA/Transform?



Naganand Doraswamy writes:
> At 02:06 PM 3/3/97 -0800, Dan McDonald wrote:
> >Hi folks!
> >
> >I've a question about algorithms per transform/SA.  The question is:
> >
> >	Will there realistically be more than one algorithm of a given
> >	type (i.e. 2 or more ENCRYPTION algorithms or 2 or more
> >	AUTHENTICATION algorithms) in a single security association?

From the latest draft (draft-ietf-ipsec-arch-sec-01.txt), I understand
that you should never have more than one transform per SA:

1.5 Security Association Management

...

        A single IPsec Security Association is a simplex (unidirectional)
   connection with which either AH or ESP (but not both) is employed.  If both
   AH and ESP protection is to be applied to a traffic stream, then two (or
   more) security associations are created to control processing of the
   traffic stream.

To me, this seems to be a clarification of RFC1825, and not a change in
intent.  Is this not the case?


ben




