[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: NAT Traversal

To: "Chinna N.R. Pellacuru" <pcn@cisco.com>
Subject: RE: NAT Traversal
From: "Paul Lambert" <PaulLambert@WoodsideNet.Com>
Date: Mon, 4 Mar 2002 18:12:04 -0800
Cc: "ipsec mailling list" <ipsec@lists.tislabs.com>
Sender: owner-ipsec@lists.tislabs.com
Thread-Index: AcHD6b/pSL3IkZzwS2C8XghMBIZfUAAABslQ
Thread-Topic: NAT Traversal


Increasing SPI size is very bad idea.  They are only as large as they are now because of IPv6 considerations for word/byte alignment.  The SPI was originally called a SAID it that incarnation been the sole identifier for a security association (SA).  The size need only be as large as the maximum number of SAs for a system

This seems like a very confused set of proposals for NAT that are randomly mutating fields in the hopes that by some sort of Darwinian process a better protocol will be created.  The suggestions that the solution should be based on well defined scenarios would help to clarify this discussion.

Paul

Prev by Date: Re: DoS attack on JFK
Next by Date: RE: NAT Traversal
Prev by thread: RE: NAT Traversal
Next by thread: RE: NAT Traversal
Index(es):
- Date
- Thread