
Re: new version of ESP ID



Mark,

>
>I don't understand the distinction between static and dynamic SAs.
>Is the distinction between a single-sender multicast SA versus
>a multi-sender multicast SA?
>
>I think that it is a more robust solution to identify the multicast
>SA using the source address as well as the SPI and destination
>address.  This is what many of us who worked in smug thought we
>would do with MESP.  Now that Steve is addressing multicast in
>ESP and AH, it's not clear to me how msec should proceed with
>MESP.
>

There is a big distinction between single and multi-sender SAs, as we 
have discussed. One cannot make use of anti-replay for a multi-sender 
SA, unless we seriously change the model and I explained in my 
message to Bill why I don't think that's a reasonable change to 
pursue.

I am opposed to the suggestion to use both source and destination 
address for demuxing multicast SAs, as it just adds to the 
comparisons that need to be made. As more folks go to high speed 
hardware implementations, using more fields for demuxing turns into 
more CAM entries, ...  Why can't we swap destination address demuxing 
for source address demuxing for multicast?

Steve
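
Added example (not part of the original message or of any IPsec implementation): a receiver-side sliding-window anti-replay check with one window per SA, run against constructed traffic, showing what happens when several senders with independent sequence counters share that SA. The 64-packet window, the function names and the round-robin arrival order are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define WINDOW 64  /* window size in packets (assumed; a common default) */

/* Receiver-side anti-replay state: ONE instance per SA. */
struct replay_window {
    uint32_t top;     /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => (top - i) already received */
};

/* Returns 1 and records seq if the packet is fresh, 0 if it must be dropped. */
static int replay_check_update(struct replay_window *w, uint32_t seq)
{
    if (seq == 0)
        return 0;                       /* senders start counting at 1 */
    if (seq > w->top) {                 /* packet advances the right edge */
        uint32_t shift = seq - w->top;
        w->bitmap = (shift >= WINDOW) ? 0 : (w->bitmap << shift);
        w->bitmap |= 1;
        w->top = seq;
        return 1;
    }
    uint32_t offset = w->top - seq;
    if (offset >= WINDOW)
        return 0;                       /* left of the window: too old */
    if (w->bitmap & ((uint64_t)1 << offset))
        return 0;                       /* number already seen: treated as replay */
    w->bitmap |= (uint64_t)1 << offset;
    return 1;
}

/* Constructed traffic: `senders` hosts share one SA, each keeps its own
 * counter starting at 1, and their packets arrive round-robin. */
static int accepted_on_shared_sa(int senders, int packets_each)
{
    struct replay_window w = {0, 0};
    int accepted = 0;
    for (uint32_t seq = 1; seq <= (uint32_t)packets_each; seq++)
        for (int s = 0; s < senders; s++)
            accepted += replay_check_update(&w, seq);
    return accepted;
}

int main(void)
{
    printf("1 sender: %d/100 accepted, 2 senders: %d/200 accepted\n",
           accepted_on_shared_sa(1, 100), accepted_on_shared_sa(2, 100));
    return 0;
}
```

With one sender every packet passes; with two senders on the same SA the second sender's packets collide with sequence numbers the window has already recorded, so legitimate traffic is dropped as replayed.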