Do we need ?
"srinivasrao.kulkarni" <srinu@trinc.com> Thu, 12 March 1998 14:43 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id JAA29555 for ipsec-outgoing; Thu, 12 Mar 1998 09:43:32 -0500 (EST)
Message-Id: <3.0.1.32.19960101161924.006a46cc@192.9.200.10>
X-Sender: srinu@192.9.200.10
X-Mailer: Windows Eudora Light Version 3.0.1 (32)
Date: Mon, 01 Jan 1996 16:19:24 +0500
To: ipsec@tis.com
From: "srinivasrao.kulkarni" <srinu@trinc.com>
Subject: Do we need ?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
Hi All, With reference to draft-ietf-ipsec-arch-sec-03.txt "For outbound processing,entries are pointed to by entries in the SPD. Note that if an SPD entry does not currently point to an SA that is appropriate for the packet, before it creates an SA, the implementation should check to see if the SAD already has an appropriate SA (created by some other SPD entry)." "2. Match the packet's selector fields against those in the SA bundles found in (1) to locate the first SA bundle that matches. If no SAs were found or none match, create an appropriate SA bundle and link the SPD entry to the SAD entry. If no key management entity is found, drop the packet." In the first paragraphs it says before creating new SA one should check whether SAD already has an appropriate SA created by some other SPD entries.But second paragraph from section "5.1.1 Selecting and Using an SA or SA Bundle" says if no SA found then create the new SA. So which one to follow do we need to search the SAD for appropriate SA created by other SPD entries or simply create the new SA, if no matching SA found ? Thank U in advance Bridging the gap between hardware and software with best wishes - K. SrinivasRao(email : srinu@trinc.com )
- Do we need ? srinivasrao.kulkarni