Re: No SPD
At 11:42 AM +0500 3/17/98, K. SrinivasRao wrote:
>Hi All,
>
>with respect to the draft-ietf-ipsec-arch-sec-04.txt
>
>"The following table summarizes the relationship between the "Next Header"
>value in the packet and SPD and the *derived Port Selector value for the
>SPD and SAD.*"
>
>The above paragraph says to derive the port selector values for both the SPD
>and SAD. Why should one derive the port selector values for the SPD? I think
>the port selector values for the SPD are determined by the administrator, not
>by the "Next Header" value in the packet and SPD. I think we have to derive
>the port selector values only for the SAD.
>
You should note that it is possible in the SPD to specify a wildcard (ANY)
match for port fields, but also require that the SAD entry be created with
the port fields from the packet that caused the SA to be created. This is
a good way to specify per-connection keying in the SPD.
Steve
References:
- No SPD
- From: "K. SrinivasRao" <srinu@trinc.com>
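
A simplified model of the behaviour described in the reply, added here as an illustration and not taken from the draft or from either post: one SPD entry with ANY port selectors either hands each new SA the ports of the packet that triggered it, or hands it the entry's own wildcard values. All class and function names, the SPI values and the port numbers are constructed, and the SAD lookup is reduced to a port match only.

```python
from dataclasses import dataclass
from itertools import count

ANY = "ANY"  # wildcard value for a port selector

@dataclass(frozen=True)
class SpdEntry:
    src_port: object          # int or ANY
    dst_port: object          # int or ANY
    ports_from_packet: bool   # True: the SA takes the packet's ports
                              # False: the SA takes the SPD entry's values

def covers(selectors, pkt):
    """True when every selector is ANY or equals the packet's value."""
    return all(sel in (ANY, val) for sel, val in zip(selectors, pkt))

class Sad:
    def __init__(self):
        self.entries = {}              # (src_port, dst_port) selectors -> SPI
        self.next_spi = count(0x1000)  # constructed SPI values

    def lookup(self, pkt):
        return next((spi for sel, spi in self.entries.items() if covers(sel, pkt)), None)

def outbound(spd, sad, pkt):
    """Return the SPI that protects pkt, creating an SA if none covers it."""
    spi = sad.lookup(pkt)
    if spi is not None:
        return spi
    entry = next((e for e in spd if covers((e.src_port, e.dst_port), pkt)), None)
    if entry is None:
        raise LookupError("no SPD entry matches this packet")
    # The derived port selector values for the new SAD entry.
    selectors = pkt if entry.ports_from_packet else (entry.src_port, entry.dst_port)
    spi = next(sad.next_spi)
    sad.entries[selectors] = spi
    return spi

def spis_for(entry, packets):
    """Run packets through a fresh SAD and report the SPI each one used."""
    sad = Sad()
    return [outbound([entry], sad, p) for p in packets]

# Constructed traffic as (src_port, dst_port): two connections, then a repeat.
PACKETS = [(1025, 23), (1026, 23), (1025, 23)]
PER_CONNECTION = spis_for(SpdEntry(ANY, ANY, ports_from_packet=True), PACKETS)
SHARED = spis_for(SpdEntry(ANY, ANY, ports_from_packet=False), PACKETS)
```

With the packet-derived setting the two connections end up under different SPIs and the repeated packet reuses the first one; with the entry-derived setting all three packets share a single SA.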