[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re:

To: "Jiang He" <hejiang@hotmail.com>, <ipsec@lists.tislabs.com>
Subject: Re:
From: "Xu, Jia" <xujia@is.ac.cn>
Date: Tue, 14 May 2002 09:29:09 +0800
References: <F248XU8x6PbhjYRGn3v000173c1@hotmail.com>
Sender: owner-ipsec@lists.tislabs.com

You should read the standard more carefully.
SPI is used to uniquely identify a security association when both Dest IP and Pro are equal.

Jia----- Original Message ----- 
From: "Jiang He" <hejiang@hotmail.com>
To: <ipsec@lists.tislabs.com>
Sent: Monday, May 13, 2002 3:44 PM


> In RFC2401, for inbound processing, the following packet fields are used to 
> look up the SA in the SAD: Outer Header's Destination IP address, IPsec 
> Protocol and SPI. Why not simply use SPI as index? The SPI is enough to look 
> up SAD.
> Using SPI as index, concerning nothing about "Outer Header's Destination IP 
> address", it might be convenient for SPI to be chosen so as to be a table 
> index for fast lookups of SAs, and also give a favor IPSec-NAT solution.
> 
> He Jiang
> 
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
> 
> 
>

References:
- No Subject
  - From: "Jiang He" <hejiang@hotmail.com>

Prev by Date: RE: NAT Traversal - Manual key remote user
Next by Date: Re: Ikev2 Traffic Selector payload
Prev by thread: No Subject
Next by thread: No Subject
Index(es):
- Date
- Thread