[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC 2401 section 5.2.1

To: Henry Spencer <henry@spsystems.net>
Subject: Re: RFC 2401 section 5.2.1
From: Bill Sommerfeld <sommerfeld@East.Sun.COM>
Date: Tue, 28 Nov 2000 17:48:14 -0500
cc: Joe Touch <touch@ISI.EDU>, Lars Eggert <larse@ISI.EDU>, ipsec@lists.tislabs.com
In-reply-to: Your message of "Tue, 28 Nov 2000 17:35:21 EST." <Pine.BSI.3.91.1001128173142.1529O-100000@spsystems.net>
Reply-to: sommerfeld@East.Sun.COM
Sender: owner-ipsec@lists.tislabs.com

> But which IPsec SA the packet emerged from is significant information for
> the checking.  The two cannot safely be divorced; checking *does* need to
> be an integrated function of IPsec setup.  Unfortunate but inevitable
> (except in some favorable special cases).

who says you have to discard that information as part of ipsec
decapsulation?

stacks typically have to retain a bunch of metadata associated with
the packet on the way up; the inbound SA information is just part of
this.

					- Bill

Follow-Ups:

Re: RFC 2401 section 5.2.1

From: Stephen Kent <kent@bbn.com>

References:

Re: RFC 2401 section 5.2.1

From: Henry Spencer <henry@spsystems.net>

Prev by Date: Re: RFC 2401 section 5.2.1
Next by Date: Re: RFC 2401 section 5.2.1
Prev by thread: Re: RFC 2401 section 5.2.1
Next by thread: Re: RFC 2401 section 5.2.1
Index(es):
- Main
- Thread