Re: Outbound interface as a selector?
Stephen Kent <kent@bbn.com> Mon, 18 October 1999 21:13 UTC
Date: Mon, 18 Oct 1999 11:01:34 -0400
To: Dan McDonald <danmcd@Eng.Sun.Com>
From: Stephen Kent <kent@bbn.com>
Subject: Re: Outbound interface as a selector?
Cc: ipsec@lists.tislabs.com

Dan,

>Consider the case of IPv6 link-local multicast. Say I have two multicast SAs
>for dstaddr == ff02::2 (all-routers mcast). Let's say further that one SA is
>for one link, and the other SA is for the other link. Unless I hardcode SPIs
>into the user API (which is a BAD idea), I need to distinguish between the
>two SAs. The only way I can think of is to use the outgoing interface as a
>selector for outbound d-grams (and for that matter, inbound d-grams too).
>
>Off the top of your heads, do you see anything really broken about the idea
>of outbound interface as a selector?

I'm not sure I understand your example well enough to reply. Although
there are per-interface SPDs, interfaces are NOT selectors. The reason
being that they are not part of the addressing scheme visible at the IP
interface. Absent the use of IPsec, how would a user have selected one
interface vs. another via the usual OS calls (or why would he care)?

Steve