
Re: Fwd: Re: Some questions



At 01:20 PM 5/12/98 -0400, Rodney Thayer wrote:
>>From: Daniel Harkins <dharkins@cisco.com>
>>
>>> 1. As stated in ISAKMP and IKE drafts, when initiator sends SA 
>>> payload containing several Proposal payloads (each of them may 
>>> contain several Transform payloads), responder MUST reply with only 
>>> one Proposal (or with some if they define a protection suite, thus 
>>> having the same Proposal number) containing only one transform. Then 
>>> initiator creates 2 SAs (outbound and inbound) using returned (and so 
>>> selected by the peer) transform and its attributes. It assumes that 
>>> both SA (in each direction) will use the same transform (e.g. 
>>> algorithm with its attributes) and will differ only in their keys. Is 
>>> this reading correct? If so, one cannot create asymmetrical SA with 
>>> ISAKMP, for example, using DES in one direction and IDEA in the 
>>> other, that might be useful under some circumstances.
>>
>>Yes, that's right, they must use the same transform. Under what situations
>>would you want to have asymmetrical SAs?
>
>If the path is asymmetric, for example the downlink is high speed and the
>uplink is low speed in a mixed satellite configuration.  Or if the downlink
>must support multiple hardware platforms/implementations (imagine IPSec in a
>satellite, there's an export headache for you...) and the uplink goes over
>some other path.

I somewhat find it hard to believe that anyone would want to negotiate
different algorithms based on the asymmetry of the connection.  I would more
imagine that the users would want to negotiate the strongest, most efficient
algorithm available for use in both directions.  However, since TCP does not
deal well with great swings in connection asymmetry, there are other
problems to be solved.

Howie Weiss
 ____________________________________________________________________
|                                                                    |
|Howard Weiss                          phone (410) 381-9400 x201     |
|SPARTA, Inc.                                (301) 621-8145 x201 (DC)|
|9861 Broken Land Parkway              fax:  (410) 381-5559          |
|Columbia, MD 21046                    email: hsw@columbia.sparta.com|
|____________________________________________________________________|
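
The negotiation rule discussed in this thread (the responder returns one Proposal number with one transform per proposal, and both SAs then share that transform and differ only in SPI and key), sketched as an added example that is not part of the original messages or of any IKE implementation. The data model, function names and the choice of HMAC-SHA1 as the prf are assumptions; the key derivation follows the IKE form prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b), simplified to a single prf output.

```python
import hashlib
import hmac
from collections import namedtuple

# Constructed model of SA payload contents; field names are illustrative.
Transform = namedtuple("Transform", "number transform_id attrs")
Proposal = namedtuple("Proposal", "number protocol transforms")

def select(offer, acceptable):
    """Responder: pick the first Proposal number for which every protocol has an
    acceptable transform; reply with exactly one transform per proposal."""
    suites = {}
    for p in offer:                      # proposals sharing a number form a suite
        suites.setdefault(p.number, []).append(p)
    for suite in suites.values():        # walk the suites in the order offered
        reply = []
        for p in suite:
            t = next((t for t in p.transforms
                      if (p.protocol, t.transform_id) in acceptable), None)
            if t is None:
                break                    # one protocol unacceptable: reject suite
            reply.append(Proposal(p.number, p.protocol, (t,)))
        else:
            return reply
    return None                          # nothing acceptable in the offer

def keymat(skeyid_d, protocol_id, spi, ni, nr, length):
    """prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b); HMAC-SHA1 assumed as the prf."""
    data = bytes([protocol_id]) + spi + ni + nr
    return hmac.new(skeyid_d, data, hashlib.sha1).digest()[:length]

def build_sa_pair(selected, spi_in, spi_out, skeyid_d, ni, nr):
    """Both directions get the one selected transform; only SPI and key differ."""
    t = selected.transforms[0]
    proto_id = {"AH": 2, "ESP": 3}[selected.protocol]   # IPsec DOI protocol IDs
    return {d: {"spi": spi, "transform": t.transform_id, "attrs": t.attrs,
                "key": keymat(skeyid_d, proto_id, spi, ni, nr, 8)}
            for d, spi in (("inbound", spi_in), ("outbound", spi_out))}

# Constructed offer: proposal 1 = ESP with IDEA or DES; proposal 2 = AH + ESP suite.
OFFER = [
    Proposal(1, "ESP", (Transform(1, "ESP_IDEA", ()), Transform(2, "ESP_DES", ()))),
    Proposal(2, "AH", (Transform(1, "AH_MD5", ()),)),
    Proposal(2, "ESP", (Transform(1, "ESP_DES", ()),)),
]
```

Because the reply carries a single transform, `build_sa_pair` has no way to express DES in one direction and IDEA in the other, which is the limitation the thread is debating.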