Re: How many algorithms per SA/Transform?
Naganand Doraswamy writes:
> At 02:06 PM 3/3/97 -0800, Dan McDonald wrote:
> >Hi folks!
> >
> >I've a question about algorithms per transform/SA. The question is:
> >
> > Will there realistically be more than one algorithm of a given
> > type (i.e. 2 or more ENCRYPTION algorithms or 2 or more
> > AUTHENTICATION algorithms) in a single security association?
From the latest draft (draft-ietf-ipsec-arch-sec-01.txt), I understand
that you should never have more than one transform per SA:
1.5 Security Association Management
...
A single IPsec Security Association is a simplex (unidirectional)
connection with which either AH or ESP (but not both) is employed. If both
AH and ESP protection is to be applied to a traffic stream, then two (or
more) security associations are created to control processing of the
traffic stream.
To me, this seems to be a clarification of RFC1825, and not a change in
intent. Is this not the case?
ben