[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Outbound interface as a selector?

To: Dan McDonald <danmcd@Eng.Sun.Com>
Subject: Re: Outbound interface as a selector?
From: Stephen Kent <kent@bbn.com>
Date: Mon, 18 Oct 1999 11:01:34 -0400
Cc: ipsec@lists.tislabs.com
In-Reply-To: <199910172118.OAA14917@kebe.Eng.Sun.COM>
Sender: owner-ipsec@lists.tislabs.com

Dan,

>Consider the case of IPv6 link-local multicast.  Say I have two multicast SAs
>for dstaddr == ff02::2 (all-routers mcast).  Let's say further that one SA is
>for one link, and the other SA is for the other link.  Unless I hardcode SPIs
>into the user API (which is a BAD idea), I need to distinguish between the
>two SAs.  The only way I can think of is to use the outgoing interface as a
>selector for outbound d-grams (and for that matter, inbound d-grams too).
>
>Off the top of your heads, do you see anything really broken about the idea
>of outbound interface as a selector?

I'm not sure I understand your example well enough to reply. Although there
are per-interface SPDs, interfaces are NOT selectors.  The reason being
that they are not part of the addressing scheme visible at the IP
interface.  Absent the use of IPsec, how would a user have selected one
interface vs. another via the usual OS calls (or why would he care)?

Steve

References:

Outbound interface as a selector?

From: Dan McDonald <danmcd@Eng.Sun.Com>

Prev by Date: RE: Re[2]: PPP over IPSec (without L2TP)?
Next by Date: Returned mail: User unknown
Prev by thread: Re: Outbound interface as a selector?
Next by thread: Returned mail: User unknown
Index(es):
- Main
- Thread