
Re: Ordered and unordered SPD in draft-ietf-ipsec-rfc2401bis-01



At 19:34 -0500 3/2/04, Greg Troxel wrote:
>   From: "Michael Roe" <mroe@microsoft.com>
>
>   In draft-ietf-rfc2401bis-01, the description of the processing
>   model is very confusing. The problem is that it keeps switching
>   between two different representations of the SPD:
>
>    (a) An ordered SPD, which may contain overlapping entries
>    (b) An unordered SPD, which must not contain overlapping entries
>
>I had a similar reaction on reading the draft, but was lame about
>commenting.
>
>Since decorrelation is "just" an optimization, my (unconsidered)
>preference is to have all the descriptions be in terms of the ordered
>SPD, perhaps with 'the packet is looked up in the SPD' explained once,
>and then that definition simply used.  The decorrelation presentation
>could then be descriptive, with the authoritative rules for lookup being
>in terms of the ordered SPD.

The problem is that our new model for processing flow uses caches,
which require a decorrelated SPD.


Steve
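
An added illustration, not part of the original thread or of the draft: a one-dimensional sketch of an ordered SPD with overlapping entries, its decorrelated equivalent, and the effect of caching matched entries from each. The port-range selectors, the entries, the function names and the cache model (store the matched entry, consult it before the SPD) are all assumptions of this sketch.

```python
# Constructed 1-D SPD: selectors are inclusive destination-port ranges.
ORDERED_SPD = [                      # first match wins; entries overlap
    ((80, 80), "BYPASS"),
    ((0, 1023), "PROTECT"),
    ((0, 65535), "DISCARD"),
]

def matches(sel, port):
    return sel[0] <= port <= sel[1]

def lookup_ordered(spd, port):
    """First-match search: the result depends on entry order."""
    return next(((s, a) for s, a in spd if matches(s, port)), (None, "DISCARD"))

def decorrelate(spd):
    """Split each entry so it excludes everything claimed by earlier entries."""
    out, covered = [], []            # covered: disjoint ranges already claimed
    for (lo, hi), action in spd:
        pieces = [(lo, hi)]
        for clo, chi in covered:
            rest = []
            for plo, phi in pieces:
                if chi < plo or clo > phi:       # no overlap, keep whole piece
                    rest.append((plo, phi))
                    continue
                if plo < clo:                    # part below the claimed range
                    rest.append((plo, clo - 1))
                if phi > chi:                    # part above the claimed range
                    rest.append((chi + 1, phi))
            pieces = rest
        out.extend((p, action) for p in pieces)
        covered.extend(pieces)
    return out

def lookup_unordered(spd, port):
    """Order-independent search: valid only if at most one entry can match."""
    hits = [(s, a) for s, a in spd if matches(s, port)]
    if len(hits) > 1:
        raise ValueError("SPD entries overlap")
    return hits[0] if hits else (None, "DISCARD")

def cached_decisions(spd, ports, lookup):
    """Assumed cache model: store the matched entry, consult it before the SPD."""
    cache, results = [], []
    for port in ports:
        hit = next(((s, a) for s, a in cache if matches(s, port)), None)
        if hit is None:
            hit = lookup(spd, port)
            if hit[0] is not None:
                cache.append(hit)
        results.append(hit[1])
    return results
```

With the constructed traffic `[443, 80]`, the cache filled from the ordered SPD answers PROTECT for port 80 because the cached `(0, 1023)` entry also covers it, while the cache filled from the decorrelated SPD answers BYPASS, the same as a first-match search.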