Re: On the Use of SCTP with IPsec
"Steven M. Bellovin" wrote:
>
> In message <3A952EC3.E8FB436D@cisco.com>, "Randall R. Stewart" writes:
>
> >> Fourth, do you have an idea what typical SCTP policies/
> >> selectors look like? Are they protocol and port
> >> specific, or is everything from the particular addresses
> >> covered by the SAs? If the former, is SCTP relying on
> >> ICMP in any way?
> >>
> >
> >I don't know what a policy selector looks like for SCTP :)
> >But yes SCTP does rely on ICMP for Path MTU discovery ... just
> >like TCP.. This is the only place where SCTP uses ICMP though...
> >
>
> Let me translate here...
>
> The selector is used to decide what packets are encrypted under what
> SA. With TCP, the standard selectors are source address, dest address,
> source port, dest port, protocol type, user name, and security label.
> The question is whether or not SCTP requires any further criteria.
> I don't know of any -- I can't see any reason to use different SAs for
> different substreams within an SCTP connection, for example.
>
> --Steve Bellovin, http://www.research.att.com/~smb
Steve:
Thanks for the translation.. with that definition and translation.. I
see no need for more than what you just listed...
R
--
Randall R. Stewart
Systems & Solutions Engineering
Cisco Systems Inc.
rrs@cisco.com 815-342-5222 or 815-477-2127
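
An added example, not part of the original messages: a small selector lookup using the packet-visible fields from the list above (source address, destination address, source port, destination port, protocol type), showing that SCTP ports are matched the same way as TCP ports and that a protocol- and port-specific selector does not cover the ICMP messages used for Path MTU discovery. The addresses, port 2905, the SA labels and the discard-on-no-match default are assumptions of the example, user name and security label are left out because they are not carried in the packet, and packets are assumed to be unfragmented IPv4.

```python
import ipaddress, struct
from dataclasses import dataclass
from typing import Optional

ICMP, TCP, UDP, SCTP = 1, 6, 17, 132  # IANA protocol numbers

@dataclass(frozen=True)
class Selector:
    src: str                      # source prefix (CIDR)
    dst: str                      # destination prefix (CIDR)
    proto: Optional[int] = None   # None means "any"
    sport: Optional[int] = None
    dport: Optional[int] = None
    sa: str = "SA-default"        # hypothetical SA label

def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, sport, dport); ports are None when the protocol has none."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, sport, dport = pkt[9], None, None
    if proto in (TCP, UDP, SCTP):  # all three begin with 16-bit src and dst ports
        if len(pkt) < ihl + 4:
            raise ValueError("truncated transport header")
        sport, dport = struct.unpack_from("!HH", pkt, ihl)
    return ipaddress.ip_address(pkt[12:16]), ipaddress.ip_address(pkt[16:20]), proto, sport, dport

def lookup(spd, pkt: bytes) -> str:
    """First matching selector wins; here a packet matching nothing is discarded."""
    src, dst, proto, sport, dport = parse_ipv4(pkt)
    for s in spd:
        if (src in ipaddress.ip_network(s.src) and dst in ipaddress.ip_network(s.dst)
                and s.proto in (None, proto) and s.sport in (None, sport)
                and s.dport in (None, dport)):
            return s.sa
    return "DISCARD"

def build(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Constructed test packet: minimal IPv4 header (checksum left 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + payload

# Constructed samples: an SCTP common header and an ICMP "fragmentation needed" (type 3, code 4)
SCTP_PKT = build(SCTP, "192.0.2.10", "198.51.100.7", struct.pack("!HHII", 5000, 2905, 0x1234, 0))
ICMP_PKT = build(ICMP, "192.0.2.10", "198.51.100.7", struct.pack("!BBHHH", 3, 4, 0, 0, 1400))

PORT_SPECIFIC = [Selector("192.0.2.0/24", "198.51.100.0/24", SCTP, None, 2905, "SA-sctp")]
ADDRESS_ONLY = [Selector("192.0.2.0/24", "198.51.100.0/24", sa="SA-all")]
```

With `PORT_SPECIFIC` the SCTP packet maps to its SA while the ICMP packet matches nothing; with `ADDRESS_ONLY` both fall under the same SA.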