
two questions.



Hi all!
I'm a student trying to implement IPsec using ESP (bump-in-the-stack) with manual SA & key management.
I had the following doubts...
--> How do 2 hosts wanting to use IPsec decide on the SPI (manual SA)?
      Do both users choose a common SPI, selector & keys and fill them into the IPsec database?
      Basically, the confusion arose when considering the inbound packet processing.
      The sender fills in the ESP header, which contains the SPI, so the receiver checks the SPI
      (& of course the dest addr & protocol) & decides which SA to use. So does that mean
      both SPI numbers (at the sending & receiving hosts) have to be the same?
--> Why is it necessary to perform fragmentation/reassembly? Or rather, why is IPsec applied
      to whole datagrams only?
 
Any help will be greatly appreciated. I'm sorry if I'm repeating questions, but I couldn't really
find a satisfactory answer to the above...
Thanking you in anticipation...
-Anu.
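
The inbound lookup described in the first question, as an added example that is not part of the original post: the receiver selects an SA by SPI, destination address and protocol, so with manual keying the SPI the sender writes must be the one entered in the receiver's inbound database. The addresses, SPI values and `struct sa` layout are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PROTO_ESP 50                 /* IP protocol number of ESP */
#define HOST_A 0xC0000201u           /* 192.0.2.1, constructed address */
#define HOST_B 0xC0000202u           /* 192.0.2.2, constructed address */

/* One manually keyed SA (hypothetical layout; keys and algorithms omitted). */
struct sa {
    uint32_t spi;    /* value the sender writes into the ESP header */
    uint32_t dst;    /* destination IPv4 address, host byte order */
    uint8_t  proto;  /* PROTO_ESP here */
    const char *name;
};

/* SAs are one-way: host B holds one inbound entry for A->B traffic, and
 * host A holds a separate inbound entry, with its own SPI, for B->A. */
const struct sa sad_b_in[] = { { 0x1001, HOST_B, PROTO_ESP, "A->B" } };
const struct sa sad_a_in[] = { { 0x2002, HOST_A, PROTO_ESP, "B->A" } };

/* Constructed ESP headers: 4-byte SPI then 4-byte sequence number. */
const uint8_t esp_a_to_b[8] = { 0x00, 0x00, 0x10, 0x01, 0, 0, 0, 1 };
const uint8_t esp_wrong[8]  = { 0x00, 0x00, 0x30, 0x03, 0, 0, 0, 1 };

/* Inbound lookup: the SA is selected by <SPI, destination address, protocol>. */
const struct sa *sad_lookup_inbound(const struct sa *sad, size_t n,
                                    uint32_t dst, uint8_t proto,
                                    const uint8_t *esp, size_t len)
{
    if (len < 8)                     /* too short to hold SPI + sequence number */
        return NULL;
    uint32_t spi = (uint32_t)esp[0] << 24 | (uint32_t)esp[1] << 16 |
                   (uint32_t)esp[2] << 8  | (uint32_t)esp[3];
    for (size_t i = 0; i < n; i++)
        if (sad[i].spi == spi && sad[i].dst == dst && sad[i].proto == proto)
            return &sad[i];
    return NULL;                     /* no SA: the packet must be dropped */
}

int main(void)
{
    const struct sa *m = sad_lookup_inbound(sad_b_in, 1, HOST_B, PROTO_ESP, esp_a_to_b, 8);
    printf("SPI 0x1001 at B: %s\n", m ? m->name : "no SA, drop");
    m = sad_lookup_inbound(sad_b_in, 1, HOST_B, PROTO_ESP, esp_wrong, 8);
    printf("SPI 0x3003 at B: %s\n", m ? m->name : "no SA, drop");
    return 0;
}
```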
 
