[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Do we actually need dynamic ports?

To: Jan Vilhuber <vilhuber@cisco.com>
Subject: Re: Do we actually need dynamic ports?
From: Bill Sommerfeld <sommerfeld@east.sun.com>
Date: Fri, 05 Apr 2002 14:28:42 -0500
cc: Bill Sommerfeld <sommerfeld@east.sun.com>, Paul Hoffman / VPNC <paul.hoffman@vpnc.org>, Tero Kivinen <kivinen@ssh.fi>, ipsec@lists.tislabs.com
In-Reply-To: Your message of "Fri, 05 Apr 2002 09:57:14 PST." <Pine.LNX.4.33.0204050954420.2607-100000@janpc-home.cisco.com>
Reply-to: sommerfeld@east.sun.com
Sender: owner-ipsec@lists.tislabs.com

> Well the draft that Pyda wrote changes the payload so that it's NOT
> ambiguous (it tags each SA with a policy ID, so you always know
> exactly which traffic-policy you're talking about (even if your SPI's
> may change), and added an add/remove flag). 

I wasn't thinking of reordering within the KM protocol, but rather
reordering between the KM protocol and AH/ESP traffic, especially in 
the case of selector deletion.  

If the SPI changes, we reduce selector-set changes to the same
[un]solved problem as graceful rekeying ;-)

					- Bill

Follow-Ups:
- dynamic ports vs. rekeying
  - From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

References:
- Re: Do we actually need dynamic ports?
  - From: Jan Vilhuber <vilhuber@cisco.com>

Prev by Date: RE: Do we actually need dynamic ports?
Next by Date: RE: Do we actually need dynamic ports?
Prev by thread: Re: Do we actually need dynamic ports?
Next by thread: dynamic ports vs. rekeying
Index(es):
- Date
- Thread