[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SCTP and IPsec issues

To: ipsec@lists.tislabs.com
Subject: Re: SCTP and IPsec issues
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Thu, 29 Mar 2001 19:57:48 -0500
In-reply-to: Your message of "Wed, 28 Mar 2001 13:32:00 EST." <200103281832.f2SIW0c06237@nyarlathotep.keromytis.org>
Sender: owner-ipsec@lists.tislabs.com


 >>>>> "Angelos" == Angelos D Keromytis <angelos@keromytis.org> writes:
     >> As an alternative, it would be nice if the architecture said that the
     >> mapping of SPD->SA was an N:1 mapping, then no textual change would be
     >> necessary to support this.

     Angelos> I don't think this is sufficient; after all, SPDs can currently
     Angelos> do an 
     Angelos> N:1 mapping.

   Why not?

     >> It would also be nice if phase 2 SAs could be referenced in a consistent
     >> way such that additional selectors could be *added* to an existing SA.

     Angelos> I agree, although this has more to do with policy and thus
     Angelos> should be brought up at the appropriate WG (and I don't want to
     Angelos> complicate this document any more than I have to).

   It seems like a strong requirement for SCTP as they want to be able to add
new interfaces, and I get the impression that they don't want to rekey during
this time.
   
] Train travel features AC outlets with no take-off restrictions|gigabit is no[
]   Michael Richardson, Solidum Systems   Oh where, oh where has|problem  with[
]     mcr@solidum.com   www.solidum.com   the little fishy gone?|PAX.port 1100[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

References:

Re: SCTP and IPsec issues

From: "Angelos D. Keromytis" <angelos@keromytis.org>

Prev by Date: Re: don't get any encrypted packets!
Next by Date: help
Prev by thread: Re: SCTP and IPsec issues
Next by thread: Re: SCTP and IPsec issues
Index(es):
- Main
- Thread