[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

terminology of channel numbers

To: ipsec@lists.tislabs.com
Subject: terminology of channel numbers
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Fri, 12 Apr 2002 13:28:41 -0400
Sender: owner-ipsec@lists.tislabs.com


  One thing that the FreeSWAN team has discussed introducing to Son-of-IKE is
the notion of a channel and channel ID.

  This is akin to SPI#, but is higher level.
  
  This is essentially a 32 or 64 bit blob produced by concatenating a shorter 
ID present in the proposal by each end.

  This is a longer lived identifier than SPI#. One uses this ID to identify
the set of SAs that currently or have implemented a policy. 
  That is, the entire blob identifies both directions of traffic flow.

  Rekey's would say  "I wish to rekey channel #XXXXXX" 
  Delete's would say "I wish to delete channel #XXXXXX" because I'm turning
myself off. 
  {vs "I want to delete SPI#" (because we just rekeyed it)}

  This makes is very clear what is going on at each end.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

Prev by Date: Re: Is TS agreement necessary?
Next by Date: Re: Is TS agreement necessary?
Prev by thread: Questions about JFK
Next by thread: RE: terminology of channel numbers
Index(es):
- Date
- Thread