
RE: DataStructure for Storing SPD,SA Entries




You know, I never considered the interoperability issue!  I would love to
see a discussion on the issue of a decorrelated host interacting with a
host that uses an ordered SPD.  I don't see a problem on the decorrelated
side, since you can guarantee that you are using the correct policy, but
how do you coordinate with 3rd party hosts and/or negotiate with them to
set up the policies on the fly?  Everything seems OK to me (even
negotiating with the ordered host -- as you are negotiating algorithms and
selectors, not database structure)-- but I'll be up front in pointing out
that I haven't put a great deal of research into the subject yet.  Any
pointers would be welcome.


Steve




"Mason, David" <David_Mason@NAI.com>
10/19/01 09:32 AM

To:      "'Wei-Jen Yeh'" <weijyeh@nortelnetworks.com>, William Dixon <wdixon@windows.microsoft.com>
cc:      "Steve.Robinson" <Steve.Robinson@psti.com>, Puja Puri <puja.puri@cdac.ernet.in>, ipsec <ipsec@lists.tislabs.com>, ranjeet barve <ranjeet_barve@yahoo.co.in>
Subject: RE: DataStructure for Storing SPD,SA Entries




One of the reasons for having ordered SPDs is interoperability.  If you have
overlapping SPDs and they are in different orders on both sides of the VPN
link, then you may run into connectivity problems.  To correct a problem of
this sort, one of the sides will need to change the order of their SPDs.

-dave
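
The ordering problem discussed in this thread, as an added example that is not part of the original messages: two peers hold the same overlapping SPD entries in different orders, and a first-match lookup selects different policies for the same traffic. The entry names, prefixes and action labels are constructed, selectors are reduced to source/destination prefixes, and both SPDs are written from the same direction's point of view.

```python
from ipaddress import ip_address, ip_network
from itertools import combinations
from typing import NamedTuple

class Entry(NamedTuple):
    name: str     # label used to identify the same entry on both peers
    src: str      # source prefix selector
    dst: str      # destination prefix selector
    action: str   # constructed policy label

def matches(e, src, dst):
    return ip_address(src) in ip_network(e.src) and ip_address(dst) in ip_network(e.dst)

def lookup(spd, src, dst):
    """Ordered SPD: the first matching entry wins."""
    for e in spd:
        if matches(e, src, dst):
            return e
    return None

def overlaps(a, b):
    """True when some packet could match both entries."""
    return (ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst)))

def order_conflicts(spd_a, spd_b):
    """Overlapping entries with different actions whose relative
    order in spd_a is reversed in spd_b."""
    pos_b = {e.name: i for i, e in enumerate(spd_b)}
    conflicts = []
    for x, y in combinations(spd_a, 2):  # x precedes y in spd_a
        if x.name not in pos_b or y.name not in pos_b:
            continue
        if overlaps(x, y) and x.action != y.action and pos_b[x.name] > pos_b[y.name]:
            conflicts.append((x.name, y.name))
    return conflicts

# Constructed sample policies
HOST = Entry("host-clear", "10.1.0.5/32", "10.2.0.0/16", "BYPASS")
NET = Entry("net-esp", "10.1.0.0/16", "10.2.0.0/16", "ESP")
OTHER = Entry("other-drop", "10.3.0.0/16", "10.2.0.0/16", "DISCARD")
PEER_A = [HOST, NET, OTHER]   # specific entry first
PEER_B = [NET, HOST, OTHER]   # same entries, overlapping pair swapped

if __name__ == "__main__":
    print(lookup(PEER_A, "10.1.0.5", "10.2.3.4").action)
    print(lookup(PEER_B, "10.1.0.5", "10.2.3.4").action)
    print(order_conflicts(PEER_A, PEER_B))
```

Only the overlapping pair is reported; the third entry shares no traffic with the other two, so its position does not matter.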





