
Re: [Ipsec] IPsec AH and ESP -- changes




> From: George Gross <gmgross@nac.net>

> > > 	   3. Search the SAD for a match on only {SPI}. If an SAD
> > > 	      entry matches then process the inbound ESP packet with
> > > 	      that matching SAD entry. Otherwise, discard the packet
> > > 	      and log an auditable event.
> >
> > ...and, this matches *only* SA's, that indicate that neither source nor
> > destination is used?
> 
> Again "yes", but with the understanding that it is part of a sorted search
> procedure.

My misunderstanding, not reading the text carefully enough. It's clear
now.

[ I was trying to clarify that, for example, case (3) is not in any way a
"wild card search". It searches for the exact SA with src=unspecified and
dst=unspecified, and will not match any other SA with src or dst
specified. However, after reading the text again, this is actually
what it says.]
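
The exact-match reading of case (3) described above, as an added example that is not part of the original message or of any IPsec implementation. Steps 1 and 2 ({SPI, dst, src}, then {SPI, dst}) are assumed from the sorted search procedure the thread refers to; the SA names, SPIs and addresses are constructed, and `wildcard_lookup` is a hypothetical helper showing the misreading.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SA:
    name: str
    spi: int
    dst: Optional[str] = None  # None = "unspecified": this SA does not use dst
    src: Optional[str] = None  # None = "unspecified": this SA does not use src

# Constructed sample SAD (documentation / multicast addresses).
SAD = [
    SA("ssm", 0x1000, dst="232.1.1.1", src="192.0.2.10"),  # uses SPI+dst+src
    SA("asm", 0x2000, dst="224.0.1.5"),                    # uses SPI+dst
    SA("uni", 0x3000),                                     # uses SPI only
]

def sad_lookup(sad, spi, dst, src):
    """Sorted search, most specific key first. Every step is an exact match
    on the SA's stored key, so step 3 only finds SAs whose src and dst are
    both unspecified. Returns (step, sa), or None (discard and audit)."""
    index = {(sa.spi, sa.dst, sa.src): sa for sa in sad}
    # Steps 1 and 2 are assumed from the sorted procedure; step 3 is the
    # one quoted in the thread.
    keys = [(spi, dst, src), (spi, dst, None), (spi, None, None)]
    for step, key in enumerate(keys, start=1):
        sa = index.get(key)
        if sa is not None:
            return step, sa
    return None

def wildcard_lookup(sad, spi):
    """The misreading: treat step 3 as 'any SA with this SPI'."""
    return next((sa for sa in sad if sa.spi == spi), None)

if __name__ == "__main__":
    # Packet carrying the "ssm" SPI but arriving from a different source.
    pkt = (0x1000, "232.1.1.1", "203.0.113.9")
    print("exact-match search:", sad_lookup(SAD, *pkt))
    print("wildcard misreading:", wildcard_lookup(SAD, pkt[0]))
    print("SPI-only SA:", sad_lookup(SAD, 0x3000, "198.51.100.7", "203.0.113.9"))
```

Under the exact-match search the packet with the "ssm" SPI and the wrong source is discarded, while the wildcard misreading would hand it to the source-bound SA.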

