
Re: Protocol and port fields in selectors



sakari.poussa@nokia.com wrote:
> Steve & Joe, thank you for your responses.
> 
> The reason why I am asking this is that
> in 3GPP/IMS the SIP signaling between the mobile
> phone and SIP-proxy (P-CSCF) is protected with an IPSec SA.
> The SA is not negotiated with IKE but with a sip-sec-agree
> negotiation. In the resulting IPSec SA, the protocol is 
> wildcard and the src/dst addresses and ports specified. The 
> rationale is to have a single SA to protect the SIP traffic
> running on top of UDP and TCP. 
> 
> It seems that some implementations support this scenario
> while others don't. 

Hi, Sakari,

Agreed on your last point. There might be utility to saying "TCP or 
UDP", e.g., for NFS, DNS or similar traffic that might use either. For 
most other protocols, although both ports are allocated, only one is 
generally used.

It seems dangerous to let the transport protocol field completely float 
but to pin down the port number. There is no universal allocation of 
ports except relative to a transport protocol; there is no guarantee 
that new transport protocols (DCP, SCTP, etc.) will allocate ports with 
the same meaning.

At best, though, it seems like this cuts the database down by a factor 
of 2; is there that much utility to such an optimization?

Joe
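To make the selector question concrete, here is a small SPD matcher written for this note (it is an added example, not code from either poster or from any 3GPP or IETF implementation). It models RFC 4301-style selectors with a protocol field that is either a wildcard or an explicit set, plus optional pinned ports, and runs both variants from the thread over constructed packets: the 3GPP/IMS entry with protocol wildcarded and the SIP port pinned, and Joe's alternative of enumerating "TCP or UDP". The addresses 10.0.0.1/10.0.0.2 and the ephemeral source ports are made up; 5060 is the registered SIP port. How a pinned-port selector treats a packet whose transport has no port fields at all (ICMP here) is this example's own choice, not something the thread or any RFC is being quoted on.

```python
"""Minimal IPsec SPD selector matcher (added example, not from the thread)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Tuple

# IANA protocol numbers.
PROTO_ICMP = 1
PROTO_TCP = 6
PROTO_UDP = 17
PROTO_DCCP = 33
PROTO_SCTP = 132

# Transports whose header begins with a 16-bit source/destination port pair.
# A port selector only has a meaning relative to one of these; the same
# number under a different transport is not guaranteed to mean the same thing.
PORTED_PROTOCOLS = frozenset({PROTO_TCP, PROTO_UDP, PROTO_DCCP, PROTO_SCTP})


@dataclass(frozen=True)
class Selector:
    src: object                          # ip_network
    dst: object                          # ip_network
    protocols: Optional[FrozenSet[int]]  # None = wildcard ("ANY")
    src_port: Optional[int] = None       # None = ANY
    dst_port: Optional[int] = None       # None = ANY


@dataclass(frozen=True)
class Packet:
    src: object                   # ip_address
    dst: object                   # ip_address
    proto: int
    src_port: Optional[int] = None  # None when the transport carries no ports
    dst_port: Optional[int] = None


def matches(sel: Selector, pkt: Packet) -> bool:
    """Return True if pkt falls within sel."""
    if pkt.src not in sel.src or pkt.dst not in sel.dst:
        return False
    if sel.protocols is not None and pkt.proto not in sel.protocols:
        return False
    if sel.src_port is None and sel.dst_port is None:
        return True
    # A pinned port cannot be compared against a packet whose transport has
    # no port fields; this example treats that as a non-match rather than
    # reading a "port" from the wrong header offset (the example's choice).
    if pkt.proto not in PORTED_PROTOCOLS:
        return False
    if sel.src_port is not None and pkt.src_port != sel.src_port:
        return False
    if sel.dst_port is not None and pkt.dst_port != sel.dst_port:
        return False
    return True


def lookup(spd: List[Tuple[str, Selector]], pkt: Packet) -> Optional[str]:
    """Ordered SPD search: the first matching entry wins, as in a real SPD."""
    for name, sel in spd:
        if matches(sel, pkt):
            return name
    return None


# Constructed topology: phone 10.0.0.2, P-CSCF 10.0.0.1, SIP on port 5060.
PHONE = ip_network("10.0.0.2/32")
PCSCF = ip_network("10.0.0.1/32")
SIP_PORT = 5060

# The 3GPP-style entry described in the thread: protocol wildcard, port pinned.
SIP_PROTO_WILDCARD = Selector(PHONE, PCSCF, None, dst_port=SIP_PORT)
# Joe's alternative: enumerate the transports that actually carry SIP.
SIP_TCP_OR_UDP = Selector(PHONE, PCSCF, frozenset({PROTO_TCP, PROTO_UDP}),
                          dst_port=SIP_PORT)


def constructed_packets() -> Dict[str, Packet]:
    """Sample phone -> P-CSCF packets (constructed, not captured)."""
    a, b = ip_address("10.0.0.2"), ip_address("10.0.0.1")
    return {
        "udp_sip": Packet(a, b, PROTO_UDP, 40000, SIP_PORT),
        "tcp_sip": Packet(a, b, PROTO_TCP, 40001, SIP_PORT),
        "sctp_5060": Packet(a, b, PROTO_SCTP, 40002, SIP_PORT),  # not SIP
        "icmp": Packet(a, b, PROTO_ICMP),
    }


def compare(selector: Selector) -> Dict[str, bool]:
    """Which of the constructed packets the given selector would pull into the SA."""
    return {name: matches(selector, p) for name, p in constructed_packets().items()}


if __name__ == "__main__":
    for label, sel in (("proto=ANY, dport=5060", SIP_PROTO_WILDCARD),
                       ("proto in {TCP,UDP}, dport=5060", SIP_TCP_OR_UDP)):
        print(label, compare(sel))
```

Running it shows the difference Joe is pointing at: the wildcard entry steers UDP/5060 and TCP/5060 into the SA, but also any future or unexpected transport (SCTP to port 5060 here) whose port 5060 need not be SIP at all, while the "TCP or UDP" entry covers exactly the two transports SIP actually runs over and costs one extra SPD entry, or one entry with a two-element protocol set, rather than a fully open protocol field.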