[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question on SA Bundle

To: Lokesh <lokeshnb@intotoinc.com>
Subject: Re: Question on SA Bundle
From: Stephen Kent <kent@bbn.com>
Date: Wed, 9 Apr 2003 15:43:30 -0400
Cc: ipsec@lists.tislabs.com
In-Reply-To: <5.1.0.14.0.20030408150612.0256cec0@172.16.1.10>
References: <5.1.0.14.0.20030408150612.0256cec0@172.16.1.10>
Sender: owner-ipsec@lists.tislabs.com

At 3:24 PM +0530 4/8/03, Lokesh wrote:
>Hi all,
>I have a question on Ipsec.
>SA's are bundled in SABundle. and there can be multiple SA Bundles 
>existing linked together
>in a SPD entry.
>
>1]  under what conditions it is decided that a new SA created should 
>be bundled in a New SABundle? not in a existing one?
>
>can anyone point me to literature on this or similar issue ? ( that 
>is regarding SPD and SA Bundles)
>Thanks
>Lokesh

Lokesh,

When writing 2401 we thought it might be possible to provide the 
ability to link together a number of SAs into a bundle, similar to 
what you describe in #1 above. However, in reality, IKE v1 was not 
able to negotiate a general notion of bundling, specifically a way to 
link new SAs to existing SAs. Thus, in practice the only bundles that 
occur arise when one negotiates both AH and ESP in a single IKE 
negotiaiton.

As we revise 2401, I anticipate clarifying this, and essentially 
doing away with the notion of bundles. I have not see a strong need 
for them in list discussions, nor does IKE v2 have support for adding 
SAs to a bundle.

If folks think this is not the right path for 2401bis, let me know.

Steve

Follow-Ups:
- Re: Question on SA Bundle
  - From: Markku Savela <msa@burp.tkv.asdf.org>

References:
- Question on SA Bundle
  - From: Lokesh <lokeshnb@intotoinc.com>

Prev by Date: Re: draft-ietf-ipsec-ikev2-06.txt
Next by Date: Confirm decision to keep Me Tarzan, You Jane
Prev by thread: Re: Question on SA Bundle
Next by thread: Re: Question on SA Bundle
Index(es):
- Date
- Thread