[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Do we need ?
Hello,
Oops, Section 5.1.1 is correct. We had changed it in the February draft
(as noted below) and missed the text in 4.4.3.
[from list of changes -- email 2/20...]
18. Section "5.1.1. Selecting and Using an SA or SA Bundle" [outbound
processing] -- Several issues have come up.
a) How much searching of the SPD and SAD should be done
before creating a new SA?
* Several approaches to this have been brought up on the list,
e.g., see email from S. Kent 12/7/97 in reply to Ly Loi (Subj:
"Re: IPSEC arch comments"). There is a tradeoff between
spending more time to search the SAD to avoid creating
unnecessary SAs and using more space by creating potentially
redundant SAs by using the first SPD hit (if it does not point
to a matching SA). One possible enhancement would be to note
which policies create overlapping SAs when the SPD is created.
There weren't many comments, but the general feeling seemed to
be in favor of creating an SA for the first policy hit rather
than searching the whole SAD.
Thank you,
Karen