
Grouping SAs (was Re: How many algorithms per SA/Transform?)



C. Harald Koch writes:

> Which brings us back to an old question: what do you call the set of
> Security Associations that describe the actual desired results, as in
> 
> "use AH(HMAC-MD5) for authentication, ESP(DES)(tunnel mode) for encryption,
>      -------------------------------  ------------------------------------
>                  SA 1                          SA 2
> 
> and only accept traffic that has AH(HMAC-MD5) , ESP(DES)(tunnel mode)."
>                                   -----------   ---------------------
>                                       SA 3              SA 4
> 
> 
> Is this perhaps a "Security Association Bundle"? Anyone got a better name?

We use the term "Security Scheme" which is nice because it is relatively
simple, accurately portrays its own contents, and doesn't sound like a
stilted computer geek term.

Of course, if the IETF needs to acronym-ize the term (as it seems to do
with everything in the whole world), you might end up with a bit of a
negative connotation.


ben




