Re: need of information on a selector field
Charles Lynn <clynn@bbn.com> Fri, 20 November 1998 16:27 UTC
Received: by portal.ex.tis.com (8.9.1/8.9.1) id LAA28638 for ipsec-outgoing; Fri, 20 Nov 1998 11:27:50 -0500 (EST)
Message-Id: <199811201653.LAA09698@relay.hq.tis.com>
Date: Fri, 20 Nov 1998 11:42:25 -0500
From: Charles Lynn <clynn@bbn.com>
To: SALLE Mathias <matsal@hplb.hpl.hp.com>
cc: ipsec@tis.com
Subject: Re: need of information on a selector field
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
Mathias,

> reference: draft-ietf-ipsec-arch-sec-07.txt
> paragraph: 4.4.2 selector
> problem:
> I don't really understand the use of the Name field of a selector. What
> is it for?

This selector is used to express policies that are specific to a given
"user" or "system", on hosts that support those concepts.

> How this field is extracted from a IP packet in order to match an
> entry in the SPD?

The names are not typically passed in the IP packets that form the user
communications. The names are associated with the system or with logged
in users or applications they are running, by the operating system, and
are available to the IPSec implementation when the user sends or
receives traffic. One example would be to associate a name with a
"socket", maybe via a process control structure, and that information
would be available to IPSec. In the incoming direction, the host would
check that traffic arriving on the SA was destined for (one of) the
socket(s) associated with the name.

Charlie
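
An added illustration, not part of the message above or of the draft: a toy Python model of the socket-to-name association the reply describes, showing the outbound policy choice and the inbound check. The names, ports, SPI values, table layout and the default-discard action are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Socket:
    local_port: int
    owner: str  # name the OS bound to this socket (user or system name)


@dataclass(frozen=True)
class SA:
    spi: int
    name: str  # Name selector value this SA was set up for


# Constructed SPD keyed on the Name selector. No packet field carries the name.
SPD = {"alice@example.com": "protect", "backup-daemon": "bypass"}
DEFAULT_ACTION = "discard"  # assumption: traffic with no matching entry is dropped

# Constructed host state: the operating system, not the packet, supplies the name.
SOCKETS = {
    5001: Socket(5001, "alice@example.com"),
    5002: Socket(5002, "bob@example.com"),
    5003: Socket(5003, "backup-daemon"),
}
SADB = {0x1001: SA(0x1001, "alice@example.com")}


def outbound_action(sock: Socket) -> str:
    """Pick the policy for outgoing traffic from the name tied to the socket."""
    return SPD.get(sock.owner, DEFAULT_ACTION)


def inbound_accept(spi: int, dst_port: int) -> bool:
    """Accept traffic from an SA only if the destination socket belongs to
    the name the SA was established for."""
    sa = SADB.get(spi)
    sock = SOCKETS.get(dst_port)
    if sa is None or sock is None:
        return False  # unknown SA or no such socket: nothing to match against
    return sock.owner == sa.name


if __name__ == "__main__":
    for port, sock in SOCKETS.items():
        print(port, sock.owner, outbound_action(sock))
    print("SA 0x1001 -> port 5001:", inbound_accept(0x1001, 5001))
    print("SA 0x1001 -> port 5002:", inbound_accept(0x1001, 5002))
```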