[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SPI question




Hello Amal,


Srinu>> The initiator will generate an SPI, which will be used as the
SPI
value for INBOUND SA at initiator side and OUTBOUND SA at the responder
side.
...
Srinu>> OK, responder in response to the  initiator proposals will
select
one of them, and then he(responder) will generate an SPI value for
his(responder) INBOUND SA and send it to the initiator to use it to
identify his(initiator) OUTBOUND SA.


Waters> Isn't this the wrong way round?  If the initiator is setting up
an SA, it is probably because
Waters> there is a packet waiting to go OUT.
Waters>
Waters> It seems more logical to me that the initiator should specify
the SPI for the Initiator's OUTBOUND and
Waters> the responder's INBOUND, and that the responder should create
another SPI for the responder's 
Waters> OUTBOUND and the initiator's INBOUND.
Waters>
Waters> This is all guess-work though - I haven't read it anywhere.  I
know, you can tell :)
Waters> Cheers, Steve.  




Follow-Ups: