
Re: need of information on a selector field





>>>>> "SALLE" == SALLE Mathias <matsal@hplb.hpl.hp.com> writes:
    SALLE> problem: I don't really understand the use of the Name
    SALLE> field of a selector. What is it for? How is this field
    SALLE> extracted from an IP packet in order to match an entry in
    SALLE> the SPD?

  It isn't, in general, extracted from the packet. Remember that IPsec
will often be found on the host that is actually originating the
packet (e.g. "client" or "end node" implementations in tunnel mode, but
especially transport mode between end nodes).
  So "user" may make a lot of sense: you know the login name because
of the credentials attached to the Protocol Control Block. You know
your domain name, so you can easily form an RFC822 name and/or DN.
  In addition, a gateway that did NAT might have to use the original
source address to look up, in a secure translation table, the FQDN
and/or DN.

]     Internet Security. Have encryption, will travel           |1 Fish/2 Fish[
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |Red F./Blow F[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |strong crypto[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
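An added example, not code from the thread or from any IPsec implementation: a toy SPD lookup in Python that takes the address, protocol and port selectors from the packet but fills the Name selector from the credentials on the sending socket's PCB, as the reply describes. SpdEntry, Packet, Pcb, spd_lookup and the sample policy are all hypothetical, constructed for illustration.

```python
# Added example: SPD lookup where the Name selector comes from the local
# socket's credentials (the PCB), not from anything parsed out of the packet.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class SpdEntry:
    src: str                 # CIDR of permitted source addresses
    dst: str                 # CIDR of permitted destination addresses
    proto: Optional[int]     # IP protocol number, None = any
    dport: Optional[int]     # destination port, None = any
    name: Optional[str]      # RFC822 name of the local user, None = any
    action: str              # "protect", "bypass" or "discard"


@dataclass
class Packet:
    src: str
    dst: str
    proto: int
    dport: int


@dataclass
class Pcb:
    """Hypothetical Protocol Control Block: who owns the sending socket."""
    login: str
    domain: str


def rfc822_name(pcb: Optional[Pcb]) -> Optional[str]:
    # The originating host forms the name from local knowledge; a forwarding
    # gateway has no PCB for the packet and so gets no name here.
    return f"{pcb.login}@{pcb.domain}" if pcb else None


def spd_lookup(spd: List[SpdEntry], pkt: Packet, pcb: Optional[Pcb]) -> str:
    name = rfc822_name(pcb)
    for e in spd:  # SPD entries are ordered; first match wins
        if ip_address(pkt.src) not in ip_network(e.src):
            continue
        if ip_address(pkt.dst) not in ip_network(e.dst):
            continue
        if e.proto is not None and e.proto != pkt.proto:
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        if e.name is not None and e.name != name:
            continue
        return e.action
    return "discard"  # nothing matched: default deny


# Constructed sample policy: traffic from one named user must be protected,
# other traffic from the same network may bypass IPsec.
SPD = [
    SpdEntry("10.0.0.0/8", "0.0.0.0/0", 6, None, "alice@example.org", "protect"),
    SpdEntry("10.0.0.0/8", "0.0.0.0/0", None, None, None, "bypass"),
]
```

The same packet from the same address gets a different action depending only on the socket owner, which is why a gateway that lacks the PCB cannot evaluate a Name selector without the translation table the reply mentions.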


