Re: transform tunnel/transport attributes
>>>>> "Stephen" == Stephen Waters <Stephen.Waters@digital.com> writes:
Stephen> "For ANDed proposals, the 'mode' MUST be the same, and the
Stephen> protocol headers applied MUST be applied adjacent to each other.
Stephen> If multiple proposals are required to protect a packet, and they
Stephen> are to be applied in different modes, this is achieved by using
Stephen> multiple Phase-2 negotiations".
The only thing missing is whether the proposals that are in the same
mode are to be applied inside-out, or outside-in:
"For ANDed proposals, the 'mode' MUST be the same, and the protocol headers
applied MUST be applied adjacent to each other. The first proposal describes
the inner-most (first on encryption/authentication/compression, last on
decryption/checking/decompression) transform to be applied, with the last
proposal describing the outermost transform. If multiple proposals are
required to protect a packet, and they are to be applied in different modes,
this is achieved by using multiple Phase-2 negotiations, the
applicability/order of them to be determined by the selectors used."
:!mcr!: | Network and security consulting/contract programming
Michael Richardson | Firewalls, TCP/IP and Unix administration
Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
Corporate: http://www.sandelman.ottawa.on.ca/SSW/
ON HUMILITY: To err is human, to moo bovine.
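
The ordering rule proposed in the message above, worked through as an added example that is not part of the original post. It models only the wording quoted there; `Proposal`, `plan_bundle` and `MixedModeError` are hypothetical names, and the IPCOMP/ESP/AH bundle is constructed sample input.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Proposal:
    protocol: str  # e.g. "IPCOMP", "ESP", "AH"
    mode: str      # "transport" or "tunnel"


class MixedModeError(ValueError):
    """ANDed proposals disagree on mode; separate Phase-2 negotiations are needed."""


def plan_bundle(proposals):
    """Derive processing order for one set of ANDed proposals.

    Per the proposed text: the first proposal is the inner-most transform
    (applied first on send, undone last on receive); the last is outermost.
    """
    if not proposals:
        raise ValueError("empty proposal set")
    modes = {p.mode for p in proposals}
    if len(modes) != 1:
        raise MixedModeError(
            "modes %s differ: use multiple Phase-2 negotiations" % sorted(modes)
        )
    outbound = [p.protocol for p in proposals]   # inner-most first
    inbound = list(reversed(outbound))           # outermost undone first
    return {
        "mode": proposals[0].mode,
        "outbound": outbound,
        # Headers are adjacent; the outermost one appears first on the wire.
        "wire_headers": inbound,
        "inbound": inbound,
    }


if __name__ == "__main__":
    # Constructed sample: compress, then encrypt, then authenticate.
    bundle = [Proposal("IPCOMP", "transport"),
              Proposal("ESP", "transport"),
              Proposal("AH", "transport")]
    print(plan_bundle(bundle))
```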