[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SPI orthogonality
Ted,
The Architecture RFC (1825) was not clear on this point, and it might be
interpreted to accommodate both AH and ESP use in a single SA. However, in
section 1.5 of the most recently published architecture I-D (November,
1996) Ran answers the question clearly with the following text:
"A single IPsec Security Association is a simplex (unidirectional)
connection with which either AH or ESP (but not both) is employed. If both
AH and ESP protection is to be applied to a traffic stream, then two (or
more) security associations are created to control processing of the
traffic stream."
So, I have been working under the assumption that this was not an open
question and thus the SPI text was not ambiguous.
Steve
Follow-Ups:
References: