[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

draft-gupta-ospf-ospfv3-auth-01.txt



Hello,
I have a question concerning SA granularity. The draft says:
In the incoming path, OSPF protocol, SPI and ingress interface ID MUST 
be used to locate the SA to be applied.
If ESP is used with non-null encryption, I think that OSPF protocol 
field is not available.
If 'm correct, I think in this case we can only use SPI and ingress 
interface. If  incoming packet is decrypted correctly, then we can check 
against an inbound policy linked to this SA, which would have protocol 
selector set to OSPF protocol.

Regards,

Jean-Mickael