[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: inbound policy verification

To: "'Stephen Kent'" <kent@bbn.com>
Subject: RE: inbound policy verification
From: Richard Draves <richdr@microsoft.com>
Date: Sat, 3 Oct 1998 17:21:08 -0700
Cc: IPsec WG List <ipsec@tis.com>
Sender: owner-ipsec@ex.tis.com

[Hmm, I received your message more than 24 hours after it was sent. I
observed similar delay with Lewis's recent message - the copy sent directly
to me arrived much sooner than the copy via the list.]

> I'm sorry for any confusion resulting from the note in 
> section 5.2.  The inbound SPD is ordered, just like the outbound SPD.

Steve, I apologize for being slow. In what sense is the inbound SPD ordered?
The note in section 5.2.1 says quite explicitly that my implementation
should not stop if the first policy in the inbound SPD with selectors that
match the incoming packet would result in rejection, but should keep
searching. So any ordering of the inbound SPD will result in the same
packets being accepted and rejected. So it is effectively not ordered. I've
read and reread this subsection and I keep coming back to this conclusion.

Thanks,
Rich

Follow-Ups:

RE: inbound policy verification

From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: inbound policy verification
Next by Date: Re: Re-keying Issues Document
Prev by thread: Re: inbound policy verification
Next by thread: RE: inbound policy verification
Index(es):
- Main
- Thread