
Re: Is TS agreement necessary?



Stephen Kent wrote:
> RFC 2401 is reasonably clear in noting that the SPD is nominally per 
> interface. What sort of management interface is provided to a client is 
> up to the vendor, so long as one can achieve the same effects as a 
> per-interface SPD.  Otherwise, the implementation would not be compliant.

As a side note, I misunderstood this for a long time to mean "SPD per 
PHYSICAL interface", which is not sufficient (because of ambiguities via 
multiple matching tunnel-mode SAs in the same per-physical-interface 
SPD). When viewing tunnel mode SAs as virtual interfaces in their own 
right that have separate SPDs associated with them, these problems 
disappear. Maybe that's part of the confusion around tunnel mode...
Lars
-- 
Lars Eggert <larse@isi.edu>               Information Sciences Institute
http://www.isi.edu/larse/              University of Southern California

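As an added illustration of the point Lars makes above (this is example code written for this page, not anything from the thread, RFC 2401 or any IPsec implementation), the following Python model contrasts the two views of the SPD. In the first model a single ordered SPD is bound to the physical interface and holds two tunnel-mode policies whose selectors overlap; which tunnel a packet takes is then decided by the order in which the entries happen to appear. In the second model each tunnel-mode SA is a virtual interface with its own SPD, so forwarding picks the interface first and only that interface's SPD is consulted. All addresses, gateway names (gw-a, gw-b) and interface names (tun-a, tun-b) are constructed for the example.

```python
"""Model of IPsec SPD lookup: one SPD per physical interface versus one SPD
per tunnel-mode 'virtual interface'. Added example; every address, peer and
interface name below is constructed, not taken from the mailing-list thread."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import List, Optional, Tuple

ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int        # IP protocol number (6 = TCP, 17 = UDP)
    dport: int


@dataclass(frozen=True)
class Selector:
    """Traffic selector: address ranges plus optional protocol and port."""
    src: IPv4Network
    dst: IPv4Network
    proto: Optional[int] = None   # None = wildcard
    dport: Optional[int] = None   # None = wildcard

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in self.src
                and ip_address(pkt.dst) in self.dst
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))


@dataclass(frozen=True)
class SPDEntry:
    selector: Selector
    action: str                        # PROTECT, BYPASS or DISCARD
    tunnel_peer: Optional[str] = None  # remote gateway for tunnel-mode PROTECT


class SPD:
    """Ordered policy database: the first matching entry wins, and a packet
    that matches nothing is discarded (the RFC 2401 default)."""
    def __init__(self, entries: List[SPDEntry]):
        self.entries = list(entries)

    def candidates(self, pkt: Packet) -> List[SPDEntry]:
        return [e for e in self.entries if e.selector.matches(pkt)]

    def lookup(self, pkt: Packet) -> SPDEntry:
        found = self.candidates(pkt)
        return found[0] if found else SPDEntry(Selector(ANY, ANY), "DISCARD")


# --- Model 1: one SPD bound to the physical interface (constructed) ---
# Two tunnel-mode policies with overlapping destination selectors, listed in
# the order an operator happened to add them: the broad /8 first.
FLAT_SPD = SPD([
    SPDEntry(Selector(ip_network("192.168.1.0/24"), ip_network("10.0.0.0/8")),
             "PROTECT", tunnel_peer="gw-a"),
    SPDEntry(Selector(ip_network("192.168.1.0/24"), ip_network("10.1.0.0/16")),
             "PROTECT", tunnel_peer="gw-b"),
])


def lookup_flat(pkt: Packet) -> Tuple[Optional[str], int]:
    """Return (peer chosen, number of SPD entries that matched the packet)."""
    return FLAT_SPD.lookup(pkt).tunnel_peer, len(FLAT_SPD.candidates(pkt))


# --- Model 2: each tunnel-mode SA is a virtual interface with its own SPD ---
# Forwarding (longest-prefix match) selects the interface; only that
# interface's SPD is consulted, so policies on different tunnels never compete.
ROUTES = {ip_network("10.0.0.0/8"): "tun-a", ip_network("10.1.0.0/16"): "tun-b"}
IFACE_SPD = {
    "tun-a": SPD([SPDEntry(Selector(ANY, ip_network("10.0.0.0/8")), "PROTECT", "gw-a")]),
    "tun-b": SPD([SPDEntry(Selector(ANY, ip_network("10.1.0.0/16")), "PROTECT", "gw-b")]),
}


def route(dst: str) -> Optional[str]:
    """Longest-prefix match over the constructed routing table."""
    addr = ip_address(dst)
    hits = [net for net in ROUTES if addr in net]
    return ROUTES[max(hits, key=lambda net: net.prefixlen)] if hits else None


def lookup_virtual(pkt: Packet) -> Tuple[Optional[str], int]:
    """Route first, then consult only the chosen interface's SPD."""
    iface = route(pkt.dst)
    if iface is None:
        return None, 0
    spd = IFACE_SPD[iface]
    return spd.lookup(pkt).tunnel_peer, len(spd.candidates(pkt))


if __name__ == "__main__":
    pkt = Packet("192.168.1.10", "10.1.2.3", 6, 443)
    print("flat SPD   :", lookup_flat(pkt))      # ('gw-a', 2): entry order decides
    print("virtual ifs:", lookup_virtual(pkt))   # ('gw-b', 1): the route decides
```

In the flat model the packet to 10.1.2.3 matches both tunnel entries and is sent to gw-a only because that entry was listed first; the more specific policy for gw-b is silently shadowed. In the virtual-interface model the forwarding decision already names tun-b, and that interface's SPD contains exactly one applicable entry, so the result does not depend on any ordering between tunnels.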