Re: Outbound interface as a selector?

"Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu> Sun, 17 October 1999 22:51 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id PAA07610; Sun, 17 Oct 1999 15:51:51 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id RAA13284 Sun, 17 Oct 1999 17:44:52 -0400 (EDT)
Message-Id: <199910172146.RAA08002@nyarlathotep.cis.upenn.edu>
X-Mailer: exmh version 2.0.2 2/24/98
To: Dan McDonald <danmcd@Eng.Sun.Com>
Cc: ipsec@lists.tislabs.com
Subject: Re: Outbound interface as a selector?
In-reply-to: Your message of "Sun, 17 Oct 1999 14:18:55 PDT." <199910172118.OAA14917@kebe.Eng.Sun.COM>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Sun, 17 Oct 1999 17:46:05 -0400
From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

In message <199910172118.OAA14917@kebe.Eng.Sun.COM>, Dan McDonald writes:
>
>Off the top of your heads, do you see anything really broken about the idea
>of outbound interface as a selector?

No; in fact, it's also necessary if you are going to do link encryption at the
network layer (your example seemed a special case of this). I believe the
architecture RFC does not prohibit this.

The only negative side-effect is that, depending on the implementation
specifics, you may end up doing one routing-table lookup more than you need;
considering the cost of doing crypto, this is rather negligible.
-Angelos