[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Clarification please!

To: sommerfeld@apollo.hp.com (Bill Sommerfeld)
Subject: Re: Clarification please!
From: Dan.McDonald@Eng.sun.com (Dan McDonald)
Date: Fri, 16 May 1997 14:35:22 -0700 (PDT)
Cc: ho@earth.hpc.org, suren@teil.soft.net, ipsec@tis.com
In-Reply-To: <199705161730.AA281943799@relay.hp.com> from "Bill Sommerfeld" at May 16, 97 01:29:58 pm
Sender: owner-ipsec@ex.tis.com

> Agreed.  This seems to be a common, umm, "terminology barrier" which
> newcomers (myself included) trip over.
> 
>  Part of the problem is that nobody has yet come up with a decent name
> for a "set of related SA's".

I've heard these tossed around by myself and others from time to time:

	SA PAIR  -  A pair of unidirectional SAs that provide protection
	            on a unicast session by covering each direction.  They
	            are otherwise matched.

		e.g.  SA spi=0x2112, AH, HMAC-MD5, A -> B
		      SA spi=0x5150, AH, HMAC-MD5, B -> A

	SA BUNDLE - A set of SAs that provide different protections.

		e.g.  SA spi=0x1001001, ESP, 3DES, <no auth>, A -> B
		      SA spi=0x82069, AH, HMAC-SHA1, A -> B

Any comments?

Dan

References:

Re: Clarification please!

From: Bill Sommerfeld <sommerfeld@apollo.hp.com>

Prev by Date: RE: Clarification and a single SA
Next by Date: Re: ESP revisions straw poll
Prev by thread: Re: Clarification please!
Next by thread: enskip cobfuguration
Index(es):
- Main
- Thread