Re: Ordered and unordered SPD in draft-ietf-ipsec-rfc2401bis-01
At 19:34 -0500 3/2/04, Greg Troxel wrote:
> From: "Michael Roe" <mroe@microsoft.com>
>
> In draft-ietf-rfc2401bis-01, the description of the processing
> model is very confusing. The problem is that it keeps switching
> between two different representations of the SPD:
>
> (a) An ordered SPD, which may contain overlapping entries
> (b) An unordered SPD, which must not contain overlapping entries
>
>I had a similar reaction on reading the draft, but was lame about
>commenting.
>
>Since decorrelation is "just" an optimization, my (unconsidered)
>preference is to have all the descriptions be in terms of the ordered
>SPD, perhaps with 'the packet is looked up in the SPD' explained once,
>and then that definition simply used. The decorrelation presentation
>could then be descriptive, with the authoritative rules for lookup being
>in terms of the ordered SPD.
The problem is that our new model for processing flow uses caches,
which require a decorrelated SPD.
Steve
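
Added illustration, not part of the original message or the draft: a Python sketch of why a cache that stores whole matched SPD entries returns wrong actions on an ordered, overlapping SPD but not on a decorrelated one. It assumes a single selector (a destination port range) and a cache that keeps whole matched entries; the entries, actions and function names are constructed for the example.

```python
# Constructed ordered SPD: (low_port, high_port, action); first match wins.
ORDERED_SPD = [
    (80, 80, "BYPASS"),
    (0, 1023, "PROTECT"),
    (0, 65535, "DISCARD"),
]

def ordered_lookup(entries, port):
    """Return the first entry whose port range contains `port`, else None."""
    for entry in entries:
        if entry[0] <= port <= entry[1]:
            return entry
    return None

def decorrelate(spd):
    """Rewrite an ordered SPD as disjoint entries with the same semantics."""
    out, covered = [], []          # covered: ranges claimed by earlier entries
    for lo, hi, action in spd:
        pieces = [(lo, hi)]
        for clo, chi in covered:   # subtract each earlier range from this one
            remaining = []
            for plo, phi in pieces:
                if chi < plo or clo > phi:
                    remaining.append((plo, phi))         # no overlap
                else:
                    if plo < clo:
                        remaining.append((plo, clo - 1))  # part below
                    if phi > chi:
                        remaining.append((chi + 1, phi))  # part above
            pieces = remaining
        out.extend((plo, phi, action) for plo, phi in pieces)
        covered.extend(pieces)
    return out

def cached_actions(spd, ports):
    """Look up each port, consulting a cache of whole matched entries first."""
    cache, actions = [], []
    for port in ports:
        entry = ordered_lookup(cache, port) or ordered_lookup(spd, port)
        if entry not in cache:
            cache.append(entry)
        actions.append(entry[2])
    return actions

if __name__ == "__main__":
    # Port 443 caches the overlapping (0, 1023) entry, which then shadows
    # the higher-priority port-80 entry on the ordered SPD.
    print(cached_actions(ORDERED_SPD, [443, 80]))
    print(cached_actions(decorrelate(ORDERED_SPD), [443, 80]))
```
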