
Re: identifying IPsec SAs (was Re: IPsec AH and ESP I-Ds; source address as possible SA selector for multicast SA?




> From: Mark Baugher <mbaugher@cisco.com>

>     I may be misunderstanding something about IPsec.  By my reading of RFC 
> 2401, the SA is uniquely identified by <SPI, destination address, IPsec 
> protocol> and it is not possible to install another SA having the same 
> triple but with a different source address based upon some SPD entry.

I also (same Stephen Kent) assumed that there must be some entity that
is responsible for actually creating and distributing the SAs for a
specific multicast group, and therefore also assigns a unique SPI for
each SA.
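
The following is an added example, not part of the original message or of any IPsec implementation. It models an SA database keyed by the RFC 2401 triple, shows the conflict Mark describes when two senders to one group use the same SPI, and contrasts the two ways out discussed in this thread: a group entity assigning unique SPIs, or the source address as an extra selector. All class names, function names, addresses and SPI values are constructed for illustration.

```python
from dataclasses import dataclass

class SADConflict(Exception):
    """An SA with the same lookup key is already installed."""

@dataclass(frozen=True)
class SA:
    spi: int
    dst: str     # destination address (here a multicast group)
    proto: str   # "ESP" or "AH"
    src: str     # sender; not part of the RFC 2401 identifier
    key_id: str  # stand-in for the SA's keying material

class SAD:
    """Toy SA database. use_source=True models the hypothetical
    'source address as selector' variant from the subject line."""
    def __init__(self, use_source=False):
        self.use_source = use_source
        self.entries = {}

    def _key(self, spi, dst, proto, src):
        triple = (spi, dst, proto)
        return triple + (src,) if self.use_source else triple

    def install(self, sa):
        k = self._key(sa.spi, sa.dst, sa.proto, sa.src)
        if k in self.entries:
            raise SADConflict(k)
        self.entries[k] = sa

    def lookup(self, spi, dst, proto, src):
        # Inbound processing: find the SA for a received packet.
        return self.entries.get(self._key(spi, dst, proto, src))

GROUP = "ff3e::1234"                       # constructed group address
SRC_A, SRC_B = "2001:db8::a", "2001:db8::b"  # constructed senders

def install_two_senders(use_source, spi_a, spi_b):
    """Install one SA per sender; return the key_id found for sender B's
    packets, or 'conflict' if the second install is refused."""
    sad = SAD(use_source)
    sad.install(SA(spi_a, GROUP, "ESP", SRC_A, "key-A"))
    try:
        sad.install(SA(spi_b, GROUP, "ESP", SRC_B, "key-B"))
    except SADConflict:
        return "conflict"
    return sad.lookup(spi_b, GROUP, "ESP", SRC_B).key_id
```

Calling `install_two_senders(False, 0x1000, 0x1000)` reproduces the refused install under the triple, while distinct SPIs or `use_source=True` both let sender B's SA coexist with sender A's.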