Re: need of information on a selector field

Charles Lynn <clynn@bbn.com> Fri, 20 November 1998 16:27 UTC

Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA28638 for ipsec-outgoing; Fri, 20 Nov 1998 11:27:50 -0500 (EST)
Message-Id: <199811201653.LAA09698@relay.hq.tis.com>
Date: Fri, 20 Nov 1998 11:42:25 -0500
From: Charles Lynn <clynn@bbn.com>
To: SALLE Mathias <matsal@hplb.hpl.hp.com>
cc: ipsec@tis.com
Subject: Re: need of information on a selector field
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Mathias,

> reference: draft-ietf-ipsec-arch-sec-07.txt
> paragraph: 4.4.2 selector
> problem:
> I don't really understand the use of the Name field of a selector. What
> is it for?

This selector is used to express policies that are specific to a given
"user" or "system", on hosts that support those concepts.

> How is this field extracted from an IP packet in order to match an
> entry in the SPD?

The names are not typically passed in the IP packets that form the
user communications.  The names are associated with the system or with
logged-in users or applications they are running, by the operating
system, and are available to the IPSec implementation when the user
sends or receives traffic.  One example would be to associate a name
with a "socket", maybe via a process control structure, and that
information would be available to IPSec.  In the incoming direction,
the host would check that traffic arriving on the SA was destined for
(one of) the socket(s) associated with the name.

Charlie
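The mechanism Charlie describes, as an added example that is not part of the original message: a small Python model of an SPD whose entries carry the Name selector, where a socket-to-user binding (assumed here as a dict standing in for the OS process-control information) is used for outbound matching and for the inbound check that traffic on the SA reaches a socket owned by that name. All addresses, user names and ports are constructed.

```python
from collections import namedtuple

ANY = "*"                             # wildcard selector value
HOST, PEER = "10.0.0.9", "10.0.0.5"   # constructed addresses

Packet = namedtuple("Packet", "src dst proto dport")
# Selector fields plus action; name is the Name selector (user or system
# name, or ANY) and sa_id is the SA bound to a "protect" entry.
SpdEntry = namedtuple("SpdEntry", "src dst proto dport name action sa_id",
                      defaults=(None,))

def _m(sel, val):
    return sel == ANY or sel == val

def _fields_match(e, pkt):
    return all((_m(e.src, pkt.src), _m(e.dst, pkt.dst),
                _m(e.proto, pkt.proto), _m(e.dport, pkt.dport)))

# Constructed SPD for HOST, ordered most specific first.
SPD = [
    SpdEntry(HOST, PEER, "tcp", ANY, "alice", "protect", "sa-alice"),  # outbound
    SpdEntry(PEER, HOST, "tcp", ANY, "alice", "protect", "sa-alice"),  # inbound
    SpdEntry(ANY, ANY, ANY, ANY, ANY, "discard"),                      # default
]
# Constructed OS binding of local sockets to the user that owns them; it
# stands in for the process-control information the reply describes.
SOCKETS = {(HOST, "tcp", 5060): "alice", (HOST, "tcp", 8080): "bob"}

def outbound_lookup(spd, pkt, owner):
    """Outbound: the packet carries no name, so the Name selector is matched
    against the user the OS reports as owner of the sending socket."""
    for e in spd:
        if _fields_match(e, pkt) and _m(e.name, owner):
            return e
    return None

def inbound_check(spd, sockets, sa_id, pkt):
    """Inbound: a packet arriving on an SA tied to a name-bound entry is
    accepted only if its destination socket belongs to that name."""
    for e in spd:
        if e.sa_id == sa_id and _fields_match(e, pkt):
            owner = sockets.get((pkt.dst, pkt.proto, pkt.dport))
            return e.name == ANY or owner == e.name
    return False  # no entry for this SA, or the other selectors do not match
```

A packet from bob to the same peer falls through to the discard entry, and a packet on sa-alice aimed at bob's socket is rejected even though every other selector matches.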