[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
draft-gupta-ospf-ospfv3-auth-01.txt
Hello,
I have a question concerning SA granularity. The draft says:
In the incoming path, OSPF protocol, SPI and ingress interface ID MUST
be used to locate the SA to be applied.
If ESP is used with non-null encryption, I think that OSPF protocol
field is not available.
If 'm correct, I think in this case we can only use SPI and ingress
interface. If incoming packet is decrypted correctly, then we can check
against an inbound policy linked to this SA, which would have protocol
selector set to OSPF protocol.
Regards,
Jean-Mickael