
Do we need ?



Hi All,

With reference to draft-ietf-ipsec-arch-sec-03.txt
   
"For outbound processing, entries are pointed to by entries in the SPD.
Note that if an SPD entry does not currently point to an SA that is
appropriate for the packet, before it creates an SA, the implementation
should check to see if the SAD already has an appropriate SA (created by
some other SPD entry)."

"2. Match the packet's selector fields against those in the SA bundles
found in (1) to locate the first SA bundle that matches.  If no SAs were
found or none match, create an appropriate SA bundle and link the SPD entry
to the SAD entry.  If no key management entity is found, drop the packet."

The first paragraph says that before creating a new SA one should check
whether the SAD already has an appropriate SA created by some other SPD
entry. But the second paragraph, from section "5.1.1 Selecting and Using an SA
or SA Bundle", says that if no SA is found then create the new SA.

So which one should we follow: do we need to search the SAD for an appropriate
SA created by other SPD entries, or simply create the new SA if no matching SA
is found?

Thank you in advance


Bridging the gap between hardware and software

with best wishes
 - K. SrinivasRao(email : srinu@trinc.com )
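
An added example (not from the post or from the draft) showing one reading of the two quoted passages, in which the SAD check from the first passage runs before the "create" of step 2. The names `SA`, `SPDEntry`, `select_outbound_sa` and `toy_key_mgmt` are hypothetical, an SA bundle is modelled as a single SA, and "appropriate" is reduced to a selector match.

```python
from dataclasses import dataclass, field

@dataclass
class SA:
    selectors: dict       # e.g. {"dst": "10.0.0.5", "proto": "tcp", "dport": 80}
    created_by: str       # name of the SPD entry that caused its creation

    def matches(self, pkt):
        # Simplification: a real check must also confirm that the SA gives
        # the protection the SPD entry's policy requires.
        return all(pkt.get(k) == v for k, v in self.selectors.items())

@dataclass
class SPDEntry:
    name: str
    sa_links: list = field(default_factory=list)   # pointers into the SAD

def select_outbound_sa(entry, pkt, sad, key_mgmt=None):
    """Return (sa, how); how is 'linked', 'reused', 'created' or 'dropped'.

    `entry` is the SPD entry already chosen for `pkt` (step 1 of 5.1.1).
    """
    # Step 2: first SA linked from this SPD entry whose selectors match.
    for sa in entry.sa_links:
        if sa.matches(pkt):
            return sa, "linked"
    # First quoted passage: before creating, check whether the SAD already
    # holds an appropriate SA created by some other SPD entry; link to it.
    for sa in sad:
        if sa.matches(pkt):
            entry.sa_links.append(sa)
            return sa, "reused"
    # Nothing suitable: create and link, or drop if no key management entity.
    if key_mgmt is None:
        return None, "dropped"
    sa = key_mgmt(entry, pkt)
    sad.append(sa)
    entry.sa_links.append(sa)
    return sa, "created"

def toy_key_mgmt(entry, pkt):
    # Constructed stand-in for a key management entity: the new SA's
    # selectors are copied from the triggering packet.
    return SA(selectors=dict(pkt), created_by=entry.name)
```
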