[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re:
You should read the standard more carefully.
SPI is used to uniquely identify a security association when both Dest IP and Pro are equal.
Jia----- Original Message -----
From: "Jiang He" <hejiang@hotmail.com>
To: <ipsec@lists.tislabs.com>
Sent: Monday, May 13, 2002 3:44 PM
> In RFC2401, for inbound processing, the following packet fields are used to
> look up the SA in the SAD: Outer Header's Destination IP address, IPsec
> Protocol and SPI. Why not simply use SPI as index? The SPI is enough to look
> up SAD.
> Using SPI as index, concerning nothing about "Outer Header's Destination IP
> address", it might be convenient for SPI to be chosen so as to be a table
> index for fast lookups of SAs, and also give a favor IPSec-NAT solution.
>
> He Jiang
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
>
>
>