
Re: Please send me your GSEC presentation slides



Hi Steven and all,

I read the new IP Authentication Header I-D and I have a small question or
remark about the multicast SAs. I saw that these are identified by the
destination IP address and the SPI value and optionally, the protocol ID.
I'm not sure whether this rules out all possible ambiguity for SSM. For SSM
the IP destination address does not need to be unique (if I remember
correctly). A group session is in SSM identified by the pair (Source IP,
Destination IP) and it is possible that 2 different sources choose the same
SSM group address as Destination IP address. The group controller of each
will pick independently an SPI number. It's of course very unlikely but I
think that it is then strictly speaking possible to have the same (SPI,
Destination IP) pair for 2 different SSM sessions. In this case the
receiver cannot differentiate between two different SAs since they have the
same identification pair (Destination IP, SPI). Is this correct or did I
overlook something?

Kind regards,
 Lies

                                               ___________________
Annelies Van Moffaert                          \                 /
_______________________________________________ \               /____
                                                 \  ALCATEL    /
Security Technologies                        Network Strategy Group
DF1                                          Francis Wellesplein  1
Tel   : +32 (0)3 240 83 58                 B-2018 Antwerpen Belgium
Fax   : +32 (0)3 240 48 88                           \    /

______________________________________________________\  /___________
                                                       \/
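
The collision described in the message above, as an added example that is not part of the original post: a toy receiver-side SA database looked up first by (destination IP, SPI) and then by (source IP, destination IP, SPI). The addresses, SPI, keys, class and function names are constructed for illustration, and HMAC-SHA256 over the payload alone stands in for the AH integrity check.

```python
import hashlib
import hmac

def icv(key, payload):
    # Stand-in integrity check value: HMAC-SHA256 over the payload only
    # (assumption; the real AH ICV also covers IP header fields).
    return hmac.new(key, payload, hashlib.sha256).digest()

class InboundSAD:
    """Toy receiver-side SA database; use_source selects the lookup key."""

    def __init__(self, use_source):
        self.use_source = use_source
        self.sas = {}

    def _key(self, src, dst, spi):
        return (src, dst, spi) if self.use_source else (dst, spi)

    def add(self, src, dst, spi, auth_key):
        k = self._key(src, dst, spi)
        if k in self.sas:
            return False  # identifier already taken by another SA
        self.sas[k] = auth_key
        return True

    def verify(self, src, dst, spi, payload, tag):
        auth_key = self.sas.get(self._key(src, dst, spi))
        return auth_key is not None and hmac.compare_digest(icv(auth_key, payload), tag)

# Constructed sample data: two SSM channels (S1,G) and (S2,G) that share the
# group address G and whose group controllers independently chose the same SPI.
G, SPI = "232.1.1.1", 0x1000
CHANNELS = [("192.0.2.10", b"key-of-channel-1"),
            ("198.51.100.20", b"key-of-channel-2")]

def run(use_source):
    sad = InboundSAD(use_source)
    installed = [sad.add(src, G, SPI, key) for src, key in CHANNELS]
    verified = [sad.verify(src, G, SPI, b"data", icv(key, b"data"))
                for src, key in CHANNELS]
    return installed, verified

if __name__ == "__main__":
    print("(dst, SPI) lookup:     ", run(use_source=False))
    print("(src, dst, SPI) lookup:", run(use_source=True))
```

With the two-field lookup the second SA cannot be installed and traffic from the second source fails verification against the first source's key; including the source address keeps the two sessions distinct.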