[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Multi-homed nodes and SAs for incoming packets



-----BEGIN PGP SIGNED MESSAGE-----


  Let me turn it around:
  Since it is up to the destination node to allocate the SPI, 
and it can therefore make sure that its SPI,<any-interface> is
unique, can you give a reason why anyone should care about 
whether or not a node considers its interfaces to be equivalent?
  
  There are serious security issues if the machine considers 
its interfaces equivalent for all operations, btw.

   :!mcr!:            |  Sandelman Software Works Corporation, Ottawa, ON  
   Michael Richardson |	SSH IPsec: http://www.ssh.fi/. Secure, strong, international
 Personal: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">mcr@sandelman.ottawa.on.ca</A>. PGP key available.
 Corporate: <A HREF="http://www.sandelman.ottawa.on.ca/SSW/">sales@sandelman.ottawa.on.ca</A>. 



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQB1AwUBNXwNAdiXVu0RiA21AQGL4gMArRCXm/Djfcl/osgek62RJwjGjuMIZtak
SLCBkr3pWjHGHxkRF4mEkVnyE5+w8AIbWsVynt9IFiecSA0sOntq/KgC6+xMYW96
c7O66OwEQ5YJ+Y69kci0JcASYVkY/TF/
=xWnn
-----END PGP SIGNATURE-----


Follow-Ups: References: