Re: new version of ESP ID
Mark,
>
>I don't understand the distinction between static and dynamic SAs.
>Is the distinction between a single-sender multicast SA versus
>a multi-sender multicast SA?
>
>I think that it is a more robust solution to identify the multicast
>SA using the source address as well as the SPI and destination
>address. This is what many of us who worked in smug thought we
>would do with MESP. Now that Steve is addressing multicast in
>ESP and AH, it's not clear to me how msec should proceed with
>MESP.
>
There is a big distinction between single and multi-sender SAs, as we
have discussed. One cannot make use of anti-replay for a multi-sender
SA, unless we seriously change the model and I explained in my
message to Bill why I don't think that's a reasonable change to
pursue.
I am opposed to the suggestion to use both source and destination
address for demuxing multicast SAs, as it just adds to the
comparisons that need to be made. As more folks go to high speed
hardware implementations, using more fields for demuxing turns into
more CAM entries, ... Why can't we swap destination address demuxing
for source address demuxing for multicast?
Steve
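
The anti-replay point in the reply above, as an added example that is not part of the original message: a sliding-window replay check is run over constructed traffic from two senders that share one SA and each keep their own sequence counter. The 64-packet window, the sender names and the per-source window used for contrast are assumptions made for this illustration.

```python
WINDOW = 64  # anti-replay window size in packets (assumed for this example)

class ReplayWindow:
    """Sliding-window anti-replay state, one instance per receive context."""
    def __init__(self):
        self.top = 0     # highest sequence number accepted so far
        self.bitmap = 0  # bit i set => sequence number (top - i) already seen

    def accept(self, seq):
        """Record seq and return True if it is fresh, else return False."""
        if seq == 0:
            return False                  # sequence numbers start at 1
        if seq > self.top:                # new highest: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= WINDOW or self.bitmap & (1 << offset):
            return False                  # too old, or a duplicate
        self.bitmap |= 1 << offset
        return True

def sample_traffic(a_start, b_start, n=5):
    """Constructed traffic: senders A and B interleaved, nothing replayed."""
    a = [("A", a_start + i) for i in range(n)]
    b = [("B", b_start + i) for i in range(n)]
    return [pkt for pair in zip(a, b) for pkt in pair]

def dropped(packets, window_key):
    """Return the packets the receiver rejects; window_key picks the window."""
    windows, rejected = {}, []
    for sender, seq in packets:
        window = windows.setdefault(window_key(sender), ReplayWindow())
        if not window.accept(seq):
            rejected.append((sender, seq))
    return rejected

def shared_sa_drops(a_start, b_start):
    # One window for the whole SA: both senders' counters collide in it.
    return dropped(sample_traffic(a_start, b_start), lambda sender: "SA")

def per_sender_drops(a_start, b_start):
    # Hypothetical per-source window, for contrast only.
    return dropped(sample_traffic(a_start, b_start), lambda sender: sender)

if __name__ == "__main__":
    print("shared, A at 200, B at 1:", shared_sa_drops(200, 1))
    print("shared, both at 1:      ", shared_sa_drops(1, 1))
    print("per-sender windows:     ", per_sender_drops(200, 1))
```

With a single window, every legitimate packet from sender B is rejected, either as too old (A is far ahead) or as a duplicate (both counters at the same value), although nothing was replayed.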