
Re: use of client IDs



Bryan Gleeson wrote:
> Lastly the architecture draft models both an SPD entry and an SAD
> entry as having a selector field. I'm a bit unclear on the need
> for this. If an SPD entry points to a list of SADs (and the SADs
> have backpointers to SPDs) wouldn't one selector associated with
> the SPD do the job? Under what circumstances would the SAD
> selectors be different from their linked SPD selectors?

After giving this a bit more thought, I believe my previous reply on
this particular item was incorrect. I said that having selectors in both
places is an implementation detail. What I should have said is that the
ARCH doc calls for the SPD to be searched for all outgoing packets
(i.e. the selectors are in the SPD), and that for inbound packets, the
selectors are associated with the SAD (section 4.4.2). I have previously
asserted that you can avoid the SPD lookup for outgoing packets by
associating *exact* selectors with the outbound SAD entries (and also
inbound ones, but that's another issue), but there are those who
disagree. Sorry for the confusion.


> 
> Thanks in advance for any clarifications ...
> 
> Bryan Gleeson
> Shasta Networks.
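
An added example, not part of the original message or of the ARCH document: a simplified Python model of the two lookups the reply describes, an SPD search by selector for outgoing packets and a check against the SA's own selectors for inbound packets. The class names, addresses and SPI values are constructed, and giving the SAs narrower selectors than their SPD entry is an assumption made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Selector:            # simplified: addresses and protocol only
    src: str               # CIDR
    dst: str               # CIDR
    proto: int = 0         # 0 = any protocol

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in (0, pkt["proto"]))

@dataclass
class SA:
    spi: int
    selector: Selector

@dataclass
class SPDEntry:
    selector: Selector
    action: str                        # "protect", "bypass" or "discard"
    sas: list = field(default_factory=list)

def outbound(spd, pkt):
    """Outgoing packet: ordered SPD search, then pick an SA linked to the entry."""
    for entry in spd:
        if entry.selector.matches(pkt):
            if entry.action != "protect":
                return entry.action, None
            for sa in entry.sas:
                if sa.selector.matches(pkt):
                    return "protect", sa.spi
            return "need-sa", None     # policy matched, no SA covers this flow yet
    return "discard", None             # assumption: no matching policy means drop

def inbound(sad, spi, inner):
    """Inbound packet: SA located by SPI, then checked against the SA's own selectors."""
    sa = sad.get(spi)
    return "accept" if sa and sa.selector.matches(inner) else "discard"

# Constructed sample data: one subnet-wide policy, two host-specific SAs under it.
SA_A = SA(0x1001, Selector("10.1.0.5/32", "10.2.0.9/32", 6))
SA_B = SA(0x1002, Selector("10.1.0.7/32", "10.2.0.0/16"))
SPD = [SPDEntry(Selector("10.1.0.0/16", "10.2.0.0/16"), "protect", [SA_A, SA_B]),
       SPDEntry(Selector("0.0.0.0/0", "0.0.0.0/0"), "bypass")]
SAD_IN = {0x2001: SA(0x2001, Selector("10.2.0.9/32", "10.1.0.5/32", 6))}
```

In this model the inbound check rejects a decapsulated packet whose addresses fall inside the subnet-wide policy but outside the selectors of the SA it arrived on.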

