[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: issue with "per-interface SAD/SPD"

To: Joe Touch <touch@ISI.EDU>
Subject: Re: issue with "per-interface SAD/SPD"
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Tue, 10 Jun 2003 19:18:40 +0200
cc: ipsec@lists.tislabs.com
In-reply-to: Your message of Mon, 09 Jun 2003 09:47:48 PDT. <3EE4BA34.5010308@isi.edu>
Sender: owner-ipsec@lists.tislabs.com

 In your previous mail you wrote:

   FYI, we addressed this sort of issue in draft-touch-ipsec-vpn-05.txt, 
   which was submitted independently as an Informational in April.
   
=> this is a very nice news!

   Introducing an interface selector is insufficient; the selector needs to 
   indicate the next-hop IP address and interface, as both are required for 
   IP forwarding. The details of this issue, and simpler alternatives are 
   discussed in the draft.
   
=> the problem I tried to address is a bit different: for instance in
Mobile IPv6 only the packets with a Mobility Header must be protected,
so a transport interface over the IP-in-IP tunnel is too much...
In fact, my message was mainly for the 2401bis authors, as the "per
interface" stuff is clearly inadapted.

Thanks

Francis.Dupont@enst-bretagne.fr

References:
- Re: issue with "per-interface SAD/SPD"
  - From: Joe Touch <touch@ISI.EDU>

Prev by Date: ikev2-08 last nit
Next by Date: Editorial: Reservations for IKEv1
Prev by thread: Re: issue with "per-interface SAD/SPD"
Next by thread: Re: issue with "per-interface SAD/SPD"
Index(es):
- Date
- Thread