[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: revised IPsec processing model

To: Stephen Kent <kent@bbn.com>
Subject: Re: revised IPsec processing model
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
Date: Tue, 22 Jul 2003 11:04:19 +0900
Cc: ipsec@lists.tislabs.com
Cc: itojun@iijlab.net
In-reply-to: kent's message of Mon, 21 Jul 2003 10:52:55 -0400. <p05210602bb41ad3db3ad@[128.89.89.40]>
Sender: owner-ipsec@lists.tislabs.com

>Thanks for the additional info. As Bill & Markus pointed out, the VID 
>is not the same as an address, in the sense discussed above. It is an 
>identifier largely internal to IPsec. Does Bill's suggestion of how 
>to accommodate the VID address your concerns?

	i see, i guess we need to find some term other than "virtual interface".

	my another concern is that the text talks too much about implementation
	details - for instance, SPD cache implementation could vary by
	implementation to implementation.  with our implementation we cache
	SPD on connected tcp/udp control block (inpcb).
	maybe put less (but sufficient) text in 2401bis, and add VID and caching
	details as appendix?

itojun

Follow-Ups:
- Re: revised IPsec processing model
  - From: Stephen Kent <kent@bbn.com>

References:
- Re: revised IPsec processing model
  - From: Stephen Kent <kent@bbn.com>

Prev by Date: IKEv2 issue tracker: Identifier
Next by Date: Re: revised IPsec processing model
Prev by thread: Re: revised IPsec processing model
Next by thread: Re: revised IPsec processing model
Index(es):
- Date
- Thread