[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Clarification

To: ipsec@tis.com
Subject: Re: Clarification
From: suren@teil.soft.net (S. Arockia Suren)
Date: Fri, 16 May 1997 20:00:56 -0530 (IST)
Sender: owner-ipsec@ex.tis.com


>>	I beleive all negotiated SAs (ISAKMP SA as well Protocol SA)
>>	are bidirectional. The exchange of the respective SPI indicates
>>	so. Also the new exchanges described in Oakley resolution
>>	are also bidirectional. But ISAKMP draft says .. "Thus, ISAKMP
>>	SAs are bidirectional in nature". Is this only for ISAKMP SAs
>>	are also for Protocol SAs. Is there a possibility that Protocol
>>	SAs could be unidirectional either now or in the future.
>>

> ESP and AH SA's are unidirectional.
> 
> Oakley facilitates negotiation of a pair of SPI's, each one referring to
> a unique SA, going in "opposite" directions.  You might think of the pair
> as being a bi-directional SA, but the terminology is probably more confusing
> than helpful.
> 
> Hilarie

I agree. ISAKMP SAs are bidrectional because any of the negotiators can
start phase2. Similarly after oakley negotiations any party can start to
send IP packets. I would like to know if the later would be true in the
future also. Does ISAKMP allow negotiations that will be used in only
one direction inspite of SPIs exchanged.

Suren.

Prev by Date: Re: Clarification please!
Next by Date: Re: ISAKMP cookies
Prev by thread: Re: ISAKMP cookies
Next by thread: I-D ACTION:draft-simpson-esp-des3-x-01.txt
Index(es):
- Main
- Thread