[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question about draft-ietf-ipsec-arch-sec-03.txt

To: Christophe Gouault <Christophe.Gouault@dassault-elec.fr>
Subject: Re: Question about draft-ietf-ipsec-arch-sec-03.txt
From: Stephen Kent <kent@bbn.com>
Date: Thu, 12 Mar 1998 15:05:26 -0500 (EST)
Cc: ipsec@tis.com
In-Reply-To: <Pine.SOL.3.95.980310132343.15909B-100000@viviane.dassault-elec.fr>
Sender: owner-ipsec@ex.tis.com

Chirs,

You provide simple examples of how ordering can be inferred from IP address
ranges or widlcarded addresses.  However, the set of selector supported by
IPsec in an SPD is more than just addresses and we have previously
explained why explicit ordering is needed, i.e., we have a 5+ dimensional
space and no total ordering can be applied to entries in that space, in
general.

For inbound traffic, we have an SPI to guide us to an SAD entry and an
opportunity to have backpointers in the SAD to guide us to appropriate SPD
entries.  The NOTE refers to the possible complexity that arises from
sharing SA bundles resulting from application of of different policies.

Steve

References:

Question about draft-ietf-ipsec-arch-sec-03.txt

From: Christophe Gouault <Christophe.Gouault@dassault-elec.fr>

Prev by Date: RE: comments on draft-ietf-ipsec-ciph-cbc-02.txt
Next by Date: Re: doi-07/interoperability questions
Prev by thread: Question about draft-ietf-ipsec-arch-sec-03.txt
Next by thread: doi-07/interoperability questions
Index(es):
- Main
- Thread