[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec issue #46 -- No need for nested SAs or SA bundles



At 19:39 -0400 8/29/03, Angelos D. Keromytis wrote:
>Just to start some discussion on this issue: wouldn't this break (or make it
>very difficult) for IPSP to deal with intermediate gateways etc. ? The
>advantage
>of the current model with respect to nested IPsec processing is that it allows
>an implementation to inject a new SPD entry (and associated SAs), and not
>having
>to link that SA to a bundle but instead deal with the SPD.
>-Angelos
>

Angelos,

I find it difficult to parse your comment. In fact, I think the last 
string of words is not a sentence :-)

Steve