[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Multi-homed nodes and SAs for incoming packets
-----BEGIN PGP SIGNED MESSAGE-----
Let me turn it around:
Since it is up to the destination node to allocate the SPI,
and it can therefore make sure that its SPI,<any-interface> is
unique, can you give a reason why anyone should care about
whether or not a node considers its interfaces to be equivalent?
There are serious security issues if the machine considers
its interfaces equivalent for all operations, btw.
:!mcr!: | Sandelman Software Works Corporation, Ottawa, ON
Michael Richardson | SSH IPsec: http://www.ssh.fi/. Secure, strong, international
Personal: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">mcr@sandelman.ottawa.on.ca</A>. PGP key available.
Corporate: <A HREF="http://www.sandelman.ottawa.on.ca/SSW/">sales@sandelman.ottawa.on.ca</A>.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQB1AwUBNXwNAdiXVu0RiA21AQGL4gMArRCXm/Djfcl/osgek62RJwjGjuMIZtak
SLCBkr3pWjHGHxkRF4mEkVnyE5+w8AIbWsVynt9IFiecSA0sOntq/KgC6+xMYW96
c7O66OwEQ5YJ+Y69kci0JcASYVkY/TF/
=xWnn
-----END PGP SIGNATURE-----
Follow-Ups:
References: