[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Clarification please!

To: Dan.McDonald@Eng.sun.com
Subject: Re: Clarification please!
From: ho@earth.hpc.org (Hilarie Orman)
Date: Sat, 17 May 1997 10:57:53 -0400
Cc: ipsec@tis.com
In-reply-to: Yourmessage <199705162142.OAA24624@baskerville.CS.Arizona.EDU>
Sender: owner-ipsec@ex.tis.com

>	   SA PAIR  -  A pair of unidirectional SAs that provide protection
>		       on a unicast session by covering each direction.  They
>		       are otherwise matched.

>		   e.g.  SA spi=0x2112, AH, HMAC-MD5, A -> B
>			 SA spi=0x5150, AH, HMAC-MD5, B -> A

Asymmetry has been a design goal from the earliest drafts, so I'd never
considered the case above to be anything other than a subcase of a normal
pair.


>	   SA BUNDLE - A set of SAs that provide different protections.

>		   e.g.  SA spi=0x1001001, ESP, 3DES, <no auth>, A -> B
>			 SA spi=0x82069, AH, HMAC-SHA1, A -> B

>   Any comments?

I'd call it an asymmetric pair, myself.  A "bundle" conjures up a more
general concept --- I'd use it to describe things like "use AH with
spi xxxx and ESP with spi xxxx outgoing, and expect AH with spi yyyy
and ESP with spi yyyy incoming" etc.

Hilarie

Prev by Date: enskip cobfuguration
Next by Date: Workshop announcement
Prev by thread: enskip cobfuguration
Next by thread: Clarification please!
Index(es):
- Main
- Thread