
Re: How the responder know the selectors



On Tue, 17 Sep 2002, Mohammad Awad wrote:
> Alice's IPsec module will prevent the packet transmission and commence  
> negotiating IKE with Bob beginning with the SA payload. How does Bob, now, 
> know the original packet that was intended to be sent (say (tcp 88==>21)) to
> decide on which SA should he negotiate, given that the security services 
> proposed depend on the selectors of the packet.

Without prearrangement, he doesn't know anything except what Alice sent as
part of negotiations.  So if this sort of scheme is to work, he must be
willing to negotiate a general-purpose set of security services without
knowing exactly what traffic will be sent. 

                                                          Henry Spencer
                                                       henry@spsystems.net