Re: [Ipsec] IPsec AH and ESP -- changes

[Karen Seo <kseo@bbn.com>]

Brian, Markku, George,

Thank you for the comments.  Is the following a correct summary?

1. It's OK for Searches (1) and (2) to NOT use protocol (AH or ESP). 
With unicast SAs, the receiver chooses the SPI and can have separate 
SPI spaces for AH and ESP if it wishes; but for multicast/etc SAs, a 
central Group Controller/Key server is assigning the SPIs and will 
ensure that there is no overlap between AH SPIs and ESP SPIs.

2. Searches (1) and (2) will be changed from "destination multicast 
address" to "destination address".

3. Search (3) will be changed to "Search the SAD for a match on only 
{SPI}, or optionally {SPI, protocol}".

Thank you,
Karen


_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec