
RE: why the SAs are unidirectional



> You really wouldn't want to create a true unidirectional SA, since it
> is hard to tell if it's a black hole. So IPsec SAs get created in pairs, 

It depends on what you mean by "an SA".  It's no more strange than UDP
and port numbers which are also "unidirectional" channels, and
sometimes they are useful as singletons.  The naming convention makes
IPsec channels naturally unidirectional because the SPI is only unique
for the receiver.  That turns out to be useful, because the sending
and receiving algorithms can be different and because it's easy to
define asymmetric protocol use, such as for multicast.

Hilarie
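
The receiver-scoped SPI naming described in the message above, as an added example that is not part of the original post or of any IPsec implementation. The `Host` and `SA` classes, the addresses, the SPI values and the algorithm names are constructed for illustration, and the lookup key assumes the classic (destination, protocol, SPI) triple.

```python
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class SA:
    spi: int        # unique only within the receiver's (dst, proto) space
    dst: str        # destination: a unicast address or a multicast group
    proto: str      # "esp" or "ah"
    algorithm: str  # transform for this direction only

class Host:
    def __init__(self, addr):
        self.addr = addr
        self._spis = count(256)  # SPI values 0-255 are reserved
        self.inbound = {}        # (dst, proto, spi) -> SA
        self.outbound = {}       # dst -> SA

    def new_inbound_sa(self, proto, algorithm):
        """The receiver picks the SPI without coordinating with anyone."""
        sa = SA(next(self._spis), self.addr, proto, algorithm)
        self.install_inbound(sa)
        return sa

    def install_inbound(self, sa):
        self.inbound[(sa.dst, sa.proto, sa.spi)] = sa

    def install_outbound(self, sa):
        self.outbound[sa.dst] = sa

    def lookup_inbound(self, dst, proto, spi):
        return self.inbound.get((dst, proto, spi))

def build_pair():
    """Two independent one-way SAs that together form a two-way channel."""
    a, b = Host("192.0.2.1"), Host("192.0.2.2")          # constructed addresses
    to_a = a.new_inbound_sa("esp", "aes-gcm")            # protects B -> A
    to_b = b.new_inbound_sa("esp", "chacha20-poly1305")  # protects A -> B
    b.install_outbound(to_a)
    a.install_outbound(to_b)
    return a, b, to_a, to_b

def build_group():
    """One sender, many receivers: a singleton SA with no reverse direction."""
    group_sa = SA(0x1000, "233.252.0.1", "esp", "aes-gcm")  # constructed values
    sender, receivers = Host("192.0.2.10"), [Host(f"192.0.2.{n}") for n in (11, 12)]
    sender.install_outbound(group_sa)
    for r in receivers:
        r.install_inbound(group_sa)
    return sender, receivers, group_sa
```

In `build_pair` both hosts independently choose SPI 256, yet the two SAs never collide because each is looked up only in its own receiver's table.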