[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SA identification

To: Markku Savela <msa@burp.tkv.asdf.org>
Subject: Re: SA identification
From: Stephen Kent <kent@bbn.com>
Date: Fri, 23 Mar 2001 10:23:10 -0500
Cc: ipsec@lists.tislabs.com
In-Reply-To: <200103221915.VAA27324@burp>
References: <p05010401b6dfaec6aa35@[128.33.238.44]><3ABA2B9E.6060405@kolumbus.fi> <200103221915.VAA27324@burp>
Sender: owner-ipsec@lists.tislabs.com

At 9:15 PM +0200 3/22/01, Markku Savela wrote:
>(1) Destination address need to be stored into SA for outgoing SA's.

yes, the destination address is part of the SAD, but it is not an SA 
identifier in the same sense and that a receiver uses the SPI and 
dest address for SA selection

>(2) The identifaction triplet (SPI,dst,protocol) makes it problably
>     cleaner for key management to exactly specify which SA is being
>     operated.

"being operated?" not sure what you mean here, but in any case the 
focus of my question is on receiver processing.

>For incoming SA, if you want to ignore the destination address, seems
>to me that, this is local implementation issue (with kernel and key
>management).

As the SCTP presentation and ID shows, it is not purely a local 
matter. If we did away with the requirement to use the destination 
address as part of the SA selection process at a receiver, there 
would be no need to make this process more complex to accommodate 
SCTP requirements.

Steve

Follow-Ups:

Re: SA identification

From: "Angelos D. Keromytis" <angelos@keromytis.org>

References:

SA identification

From: Stephen Kent <kent@bbn.com>

Re: SA identification

From: Jari Arkko <jari.arkko@kolumbus.fi>

Re: SA identification

From: Markku Savela <msa@burp.tkv.asdf.org>

Prev by Date: Re: Death to AH (was Re: SA identification)
Next by Date: RE: Death to AH (was Re: SA identification)
Prev by thread: Re: SA identification
Next by thread: Re: SA identification
Index(es):
- Main
- Thread