[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: src addr/SPI coupling
Jan Vilhuber writes:
> Actually, section 4.1 from rfc 2401 states:
>
> A security association is uniquely identified by a triple consisting
> of a Security Parameter Index (SPI), an IP Destination Address, and a
> security protocol (AH or ESP) identifier. [...]
>
> It's not the source address.
OK, that changes the sense of the problem, but not
the original question. Why does there need to be
any dependency on the destination address to
select the right SA? This still seems like it
could run into trouble on the mobile node
incoming traffic if the destination address
were "wrong" (which is, I think, the way a
naive stack might view it.)
Mike
Follow-Ups:
References: