[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Grouping SAs (was Re: How many algorithms per SA/Transform?)
C. Harald Koch writes:
> Which brings us back to an old question: what do you call the set of
> Security Associations that describe the actual desired results, as in
>
> "use AH(HMAC-ND5) for authentication, ESP(DES)(tunnel mode) for encryption,
> ------------------------------- ------------------------------------
> SA 1 SA 2
>
> and only accept traffic that has AH(HMAC-MD5) , ESP(DES)(tunnel mode)."
> ----------- ---------------------
> SA 3 SA 4
>
>
> Is this perhaps a "Security Association Bundle"? Anyone got a better name?
We use the term "Security Scheme" which is nice because it is relatively
simple, accurately portrays it's own contents, and doesn't sound like a
stilted computer geek term.
Of course, if the IETF needs to acronym-ize the term (as it seems to do
with everything in the whole world), you might end up with a bit of a
negative connotation.
ben
References: