
Re: why the SAs are unidirectional



  Yes and every time you've mentioned it people have pointed out how
that wouldn't work, the last time being the compare-jfk-sigma.txt
thread of early December last year.

  Dan.

On Tue, 19 Feb 2002 09:12:53 +0200 you wrote
> 
> > Unfortunately, this is a somewhat messy graft on top of the basic
> > mechanism.  The protocol really treats each SA as separate, and the
> > fact that the pairs need to go together is something that requires
> > constant care and attention and lots of ugly code in IKE.
> 
> Which is why it shouldn't have tried that in the first place. As I
> have said several times, IPSEC would work just fine if key negotiation
> just negotiated a key for a unidirectional SA. Very simple compared to
> the current mess.
>