[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SPI orthogonality

To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Subject: Re: SPI orthogonality
From: Stephen Kent <kent@bbn.com>
Date: Thu, 10 Jul 1997 14:50:28 -0400
Cc: ipsec@tis.com
In-Reply-To: <199707101501.LAA25310@dcl.MIT.EDU>
References: Stephen Kent's message of Wed, 9 Jul 1997 18:57:29 -0400,<v03007811afe9b2d40df7@[128.89.0.110]>
Sender: owner-ipsec@ex.tis.com

Ted,

The Architecture RFC (1825) was not clear on this point, and it might be
interpreted to accommodate both AH and ESP use in a single SA.  However, in
section 1.5 of the most recently published architecture I-D (November,
1996) Ran answers the question clearly  with the following text:

   "A single IPsec Security Association is a simplex (unidirectional)
   connection with which either AH or ESP (but not both) is employed.  If both
   AH and ESP protection is to be applied to a traffic stream, then two (or
   more) security associations are created to control processing of the
   traffic stream."

So, I have been working under the assumption that this was not an open
question and thus the SPI text was not ambiguous.


Steve

Follow-Ups:

Comment cutoff! For now.

From: Robert Moskowitz <rgm3@chrysler.com>

References:

Re: SPI orthogonality

From: Stephen Kent <kent@bbn.com>

Re: SPI orthogonality

From: "Theodore Y. Ts'o" <tytso@MIT.EDU>

Prev by Date: Re: SPI orthogonality
Next by Date: Re: SPI orthogonality
Prev by thread: Re: SPI orthogonality
Next by thread: Comment cutoff! For now.
Index(es):
- Main
- Thread