[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec AH and ESP I-Ds; source address as possible SA selector for multicast SA?

To: mbaugher@cisco.com
Subject: Re: IPsec AH and ESP I-Ds; source address as possible SA selector for multicast SA?
From: Markku Savela <msa@burp.tkv.asdf.org>
Date: Mon, 1 Jul 2002 23:25:57 +0300
CC: annelies.van_moffaert@alcatel.be, ipsec@lists.tislabs.com
In-reply-to: <4.3.2.7.2.20020701102526.04b8f538@mira-sjc5-6.cisco.com>(message from Mark Baugher on Mon, 01 Jul 2002 10:35:03 -0700)
References: <4.3.2.7.2.20020701102526.04b8f538@mira-sjc5-6.cisco.com>
Sender: owner-ipsec@lists.tislabs.com

> From: Mark Baugher <mbaugher@cisco.com>

> >I think a good solution would be to include also the source address in the
> >SA selector for multicast SAs. This would also be very useful  to protect
> >IGMP messages by means of IPsec AH.
> 
> I favor this approach but it is not consistent with RFC2401.

Nothing in RFC2401 prevents using source address as a selector.

Follow-Ups:
- identifying IPsec SAs (was Re: IPsec AH and ESP I-Ds; source address as possible SA selector for multicast SA?
  - From: Mark Baugher <mbaugher@cisco.com>

References:
- Re: IPsec AH and ESP I-Ds; source address as possible SA selector for multicast SA?
  - From: Mark Baugher <mbaugher@cisco.com>

Prev by Date: Re: IPsec AH and ESP I-Ds; source address as possible SA selector for multicast SA?
Next by Date: Re: SOI QUESTIONS: 3.4 - 4.3
Prev by thread: Re: IPsec AH and ESP I-Ds; source address as possible SA selector for multicast SA?
Next by thread: identifying IPsec SAs (was Re: IPsec AH and ESP I-Ds; source address as possible SA selector for multicast SA?
Index(es):
- Date
- Thread