
RE: Is TS agreement necessary?



I don't understand the recursive part from either the implementation or the
standards point of view.

The SPD is used to decide what should go into the tunnel, normally a clear
packet, not an IPsec packet. When a clear packet is IPsec processed, it
carries protocol number 50 or 51. I think any sane SPD implementation won't
let this packet loop back to IPsec again, but instead pass it out.

Just trying to understand this recursive issue, which I fail to observe in
the existing IPsec implementations. 

-----Original Message-----
From: Joe Touch [mailto:touch@ISI.EDU] 
Sent: Thursday, April 11, 2002 4:43 PM
To: Mark Duffy
Cc: Lars Eggert; Stephen Kent; kalyan@juniper.net; ipsec mailling list
Subject: Re: Is TS agreement necessary?

[text deleted]
As per other mail to PPVPN, the issue is that the SA of the tunnel 
appears in the SPD of the tunnel itself. That seems recursive. It seems 
that the SA of a tunnel should appear in the SPD of the interface (real 
or virtual) that the tunneled packet will be emitted on.