
Re: Decorrelated SPD and IKEv2 traffic selectors



I think you want to explicitly state in 2401bis that it is the 
uncorrelated entry that's passed up to IKE.  IKE doesn't need to know 
anything about the decorrelation but if someone were to choose to pass 
up the decorrelated entry, we'd have an interoperability issue.

Derrell

On Mar 4, 2004, at 6:19 AM, Stephen Kent wrote:

> I think the latest version says that when you decorrelate, you keep 
> the decorrelated entries linked together, so that when you match any 
> individual entry, you grab all of the other entries that were created 
> due to decorrelation.  We need to do this so that the externally 
> visible operation is identical to what would happen w/o decorrelation, 
> at least so far as the number of SAs that are created and what traffic 
> flows over each SA. We said this in terms of creating SPD-cache and 
> SAD entries, but the same thing shoud be done for IKE interactions. 
> Perhaps it would be better, for IKE, to keep the original SPD entry as 
> well, and pass that back to IKE for use in negotiation.
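
Added example, not part of either message: a one-dimensional sketch of the linking described in the quoted text and of handing the original SPD entry to IKE. Integer ranges stand in for real selectors, and the names `SpdEntry`, `Fragment`, `decorrelate` and `lookup` are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SpdEntry:
    name: str
    lo: int      # selector range start (one dimension only, assumed)
    hi: int      # inclusive range end
    action: str  # "PROTECT", "BYPASS" or "DISCARD"

@dataclass(frozen=True)
class Fragment:
    lo: int
    hi: int
    parent: SpdEntry  # link back to the original, ordered SPD entry

def subtract(ranges, lo, hi):
    """Remove [lo, hi] from each (a, b) range, keeping the leftover pieces."""
    out = []
    for a, b in ranges:
        if hi < a or lo > b:
            out.append((a, b))      # no overlap, keep unchanged
            continue
        if a < lo:
            out.append((a, lo - 1))  # piece below the removed range
        if b > hi:
            out.append((hi + 1, b))  # piece above the removed range
    return out

def decorrelate(spd):
    """Ordered SPD -> non-overlapping fragments, each linked to its parent."""
    frags = []
    for i, entry in enumerate(spd):
        pieces = [(entry.lo, entry.hi)]
        for earlier in spd[:i]:      # earlier entries take precedence
            pieces = subtract(pieces, earlier.lo, earlier.hi)
        frags += [Fragment(a, b, entry) for a, b in pieces]
    return frags

def lookup(frags, value):
    """Return (matched fragment, its linked siblings, entry to pass to IKE)."""
    for f in frags:
        if f.lo <= value <= f.hi:
            siblings = [g for g in frags if g.parent is f.parent]
            return f, siblings, f.parent
    return None, [], None

# Constructed sample: a narrow BYPASS rule ordered ahead of a broad PROTECT rule.
SPD = [SpdEntry("mgmt-bypass", 10, 20, "BYPASS"), SpdEntry("protect-all", 0, 100, "PROTECT")]
FRAGS = decorrelate(SPD)
```

A packet matching the fragment 21..100 pulls in its sibling 0..9, and the negotiation sees the original 0..100 entry, so both sides derive the same selectors whether or not either one decorrelates internally.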