
Re: On the Use of SCTP with IPsec



In message <3A952EC3.E8FB436D@cisco.com>, "Randall R. Stewart" writes:

>> Fourth, do you have an idea what typical SCTP policies/
>> selectors look like? Are they protocol and port
>> specific, or is everything from the particular addresses
>> covered by the SAs? If former, is SCTP relying on
>> ICMP in any way?
>> 
>
>I don't know what a policy selector looks like for SCTP :) 
>But yes SCTP does rely on ICMP for Path MTU discovery ... just
>like TCP.. This is the only place where SCTP uses ICMP though...
>

Let me translate here...

The selector is used to decide what packets are encrypted under what 
SA.  With TCP, the standard selectors are source address, dest address, 
source port, dest port, protocol type, user name, and security label.
The question is whether or not SCTP requires any further criteria.
I don't know of any -- I can't see any reason to use different SAs for 
different substreams within an SCTP connection, for example.

		--Steve Bellovin, http://www.research.att.com/~smb
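The selector lookup discussed in this message, as an added example that is not part of the original e-mail: it shows that SCTP packets for different streams of one association carry the same selector values and so resolve to the same SA, and that a protocol- and port-specific entry does not match ICMP between the same hosts while an address-only entry does. Only the packet-derived selectors are modelled (user name and security label are left out); the addresses, ports, SA names and the `lookup` helper are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPPROTO_ICMP, IPPROTO_SCTP = 1, 132  # IANA protocol numbers

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None        # None when the protocol has no ports (ICMP)
    dport: Optional[int] = None
    sctp_stream: Optional[int] = None  # stream id from a DATA chunk; not a selector

@dataclass(frozen=True)
class Selector:
    src: str                           # CIDR prefix
    dst: str
    proto: Optional[int] = None        # None means wildcard
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        in_net = lambda addr, net: ipaddress.ip_address(addr) in ipaddress.ip_network(net)
        same = lambda want, got: want is None or want == got
        return (in_net(p.src, self.src) and in_net(p.dst, self.dst)
                and same(self.proto, p.proto)
                and same(self.sport, p.sport) and same(self.dport, p.dport))

def lookup(spd, packet):
    """Return the SA name of the first matching SPD entry, or None."""
    for selector, sa in spd:
        if selector.matches(packet):
            return sa
    return None

# Constructed policies and packets (documentation address ranges).
A, B = "192.0.2.10", "198.51.100.20"
PORT_SPECIFIC = [(Selector(A + "/32", B + "/32", IPPROTO_SCTP, 5000, 5001), "sa-sctp")]
ADDRESS_ONLY = [(Selector(A + "/32", B + "/32"), "sa-host")]

STREAM_0 = Packet(A, B, IPPROTO_SCTP, 5000, 5001, sctp_stream=0)
STREAM_7 = Packet(A, B, IPPROTO_SCTP, 5000, 5001, sctp_stream=7)
ICMP_PKT = Packet(A, B, IPPROTO_ICMP)

if __name__ == "__main__":
    for name, spd in (("port-specific", PORT_SPECIFIC), ("address-only", ADDRESS_ONLY)):
        print(name, [lookup(spd, p) for p in (STREAM_0, STREAM_7, ICMP_PKT)])
```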



