[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec issue #46 -- No need for nested SAs or SA bundles

To: "Angelos D. Keromytis" <angelos@cs.columbia.edu>
Subject: Re: IPsec issue #46 -- No need for nested SAs or SA bundles
From: Stephen Kent <kent@bbn.com>
Date: Tue, 2 Sep 2003 13:56:03 -0400
Cc: Karen Seo <kseo@bbn.com>, ipsec@lists.tislabs.com, kivinen@ssh.fi
In-Reply-To: <200309021744.h82HihcJ031565@coredump.cs.columbia.edu>
References: <200309021744.h82HihcJ031565@coredump.cs.columbia.edu>
Sender: owner-ipsec@lists.tislabs.com

At 13:44 -0400 9/2/03, Angelos D. Keromytis wrote:
>OK, thanks for the clarification. Since most of the implementations supporting
>2401bis in the near future will be based on existing 2401-compliant
>implementations, I think 2401bis should avoid language that prohibits support
>for bundling. One approach may be to pretend it's not there, and have an
>1-paragraph appendix saying "if you did SA bundling, you don't *have* to
>remove it".
>
>Cheers,
>-Angelos
>

I would not tell someone that they had to remove the feature if it 
were present. Folks are always capable of adding things that have 
only local significance or that provide additional features ONLY if 
the peer happens to have added the same extra function.

Steve

References:
- Re: IPsec issue #46 -- No need for nested SAs or SA bundles
  - From: "Angelos D. Keromytis" <angelos@cs.columbia.edu>

Prev by Date: Re: IPsec issue #46 -- No need for nested SAs or SA bundles
Next by Date: Possible missing messages
Prev by thread: Re: IPsec issue #46 -- No need for nested SAs or SA bundles
Next by thread: Fwd: IPsec issue #46 -- No need for nested SAs or SA bundles
Index(es):
- Date
- Thread