
Re: Traffic Selectors




----- Original Message -----
From: "Radia Perlman - Boston Center for Networking" <Radia.Perlman@sun.com>
To: <ipsec@lists.tislabs.com>
Cc: <ckaufman@notesdev.ibm.com>
Sent: Friday, November 15, 2002 3:17 PM
Subject: Re: Traffic Selectors


<snip>

| But the way it's specified, as long as the source on traffic
| from Alice to Bob is included in ANY of the traffic selectors in TSi,
| and the destination is included in ANY of the traffic selectors in TSr,
| then it's legal.
|
| Radia
|

The above paragraph clears up my confusion. I was making it
more complicated than it needed to be. For instance, initially
I was thinking of an example where a pair of gateways would
protect all traffic for a specific application (TCP port X)
AND traffic from subnets Y to Z, while everything else would
be in the clear. This type of configuration would require
negotiating 2 separate SAs.

David
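
An added example, not part of either message: a small model of the matching rule Radia states (source in ANY selector of TSi, destination in ANY selector of TSr), applied to the configuration David describes. Port 443 and the 10.1/10.2 subnets are constructed stand-ins for X, Y and Z, and merging both policies into a single TSi/TSr pair is an assumed way of attempting it with one SA.

```python
import ipaddress
from typing import NamedTuple

ANY, TCP, UDP = 0, 6, 17          # IP protocol numbers; 0 is used here as a wildcard
ALL = "0.0.0.0/0"
# Constructed stand-ins for the port X and subnets Y, Z in the message.
X, Y, Z = 443, "10.1.0.0/16", "10.2.0.0/16"

class TS(NamedTuple):
    net: str    # address range, written as a CIDR block for brevity
    proto: int
    lo: int     # port range, inclusive
    hi: int

    def covers(self, addr, proto, port):
        return (ipaddress.ip_address(addr) in ipaddress.ip_network(self.net)
                and self.proto in (ANY, proto)
                and self.lo <= port <= self.hi)

def sa_allows(tsi, tsr, pkt):
    """Source in ANY selector of TSi and destination in ANY selector of TSr."""
    src, sport, dst, dport, proto = pkt
    return (any(t.covers(src, proto, sport) for t in tsi)
            and any(t.covers(dst, proto, dport) for t in tsr))

def intended(pkt):
    """The policy from the message: (TCP to port X) OR (subnet Y to subnet Z)."""
    src, _, dst, dport, proto = pkt
    in_net = lambda a, n: ipaddress.ip_address(a) in ipaddress.ip_network(n)
    return (proto == TCP and dport == X) or (in_net(src, Y) and in_net(dst, Z))

SA_APP = ([TS(ALL, TCP, 0, 65535)], [TS(ALL, TCP, X, X)])
SA_NET = ([TS(Y, ANY, 0, 65535)], [TS(Z, ANY, 0, 65535)])
# Assumed single-SA attempt: both policies merged into one TSi/TSr pair.
MERGED = (SA_APP[0] + SA_NET[0], SA_APP[1] + SA_NET[1])

def one_sa(pkt):  return sa_allows(*MERGED, pkt)
def two_sas(pkt): return sa_allows(*SA_APP, pkt) or sa_allows(*SA_NET, pkt)

PACKETS = [  # constructed: (src, sport, dst, dport, proto)
    ("192.0.2.7", 40000, "198.51.100.1", 443, TCP),  # application traffic
    ("10.1.0.9", 5000, "10.2.0.5", 53, UDP),         # Y to Z traffic
    ("192.0.2.7", 40000, "10.2.0.5", 22, TCP),       # neither policy
    ("192.0.2.7", 40000, "198.51.100.1", 53, UDP),   # neither policy
]

def overcovered(allows):
    """Packets the SA set accepts although the intended policy does not."""
    return [p for p in PACKETS if allows(p) and not intended(p)]
```

With the merged pair, the TCP packet from outside Y to port 22 in Z is accepted because its source matches the application selector in TSi and its destination matches the subnet selector in TSr; the two separate SAs accept exactly the intended traffic.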