Re: Re: Re: [ssm] SSM with IPSec

Toerless Eckert <eckert@cisco.com> Thu, 16 January 2003 03:17 UTC

Date: Wed, 15 Jan 2003 19:08:04 -0800
From: Toerless Eckert <eckert@cisco.com>
To: Mark Baugher <mbaugher@cisco.com>
Cc: Toerless Eckert <eckert@cisco.com>, holbrook@cisco.com, Brad Huntting <huntting@glarp.com>, ssm@ietf.org, Brian Weis <bew@cisco.com>
Subject: Re: Re: Re: [ssm] SSM with IPSec
Message-ID: <20030116030804.GF23021@cypher.cisco.com>
References: <5.1.1.5.2.20030115123146.021e95a8@mira-sjc5-6.cisco.com> <20030115171137.GK2103@cypher.cisco.com> <5.1.1.5.2.20030115123146.021e95a8@mira-sjc5-6.cisco.com> <5.1.1.5.2.20030115142209.0219a158@mira-sjc5-6.cisco.com>
In-Reply-To: <5.1.1.5.2.20030115142209.0219a158@mira-sjc5-6.cisco.com>

On Wed, Jan 15, 2003 at 02:28:20PM -0800, Mark Baugher wrote:
> When the security association is pushed down to the member by key 
> management, there will need to be a flag that declares whether it is 
> indexed with the source address (SSM) or not (ASM), i.e. whether multiple 
> sources will share that SA.  We might be able to leave it at this level 
> without explicitly declaring it to be ASM or SSM to IPsec.  In fact, this 
> would allow ASM groups to be indexed by source address (a separate SA for 
> each sender) or SSM to not be indexed by source address (one SA for 
> multiple channels).  Whether this makes sense or not is a matter of policy 
> that is implemented in the key server.

Right, that sounds good. 

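The per-SA flag discussed in the quoted text, sketched as an inbound SA lookup. This is an added example, not part of the original message and not code from any IPsec implementation; the names `GroupSA`, `SAD` and `indexed_by_source`, and all addresses and SPIs, are hypothetical or constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional


@dataclass(frozen=True)
class GroupSA:
    spi: int
    group: str                # multicast destination address
    source: Optional[str]     # sender address; required only when indexed_by_source
    indexed_by_source: bool   # hypothetical flag pushed down by key management


class SAD:
    """Toy inbound SA database honouring the per-SA source-index flag."""

    def __init__(self):
        self._per_source = {}  # (spi, group, source) -> SA, one SA per sender
        self._shared = {}      # (spi, group) -> SA, shared by all senders

    def install(self, sa: GroupSA) -> None:
        if not ip_address(sa.group).is_multicast:
            raise ValueError("group SA needs a multicast destination")
        if sa.indexed_by_source:
            if sa.source is None:
                raise ValueError("source-indexed SA needs a source address")
            self._per_source[(sa.spi, sa.group, sa.source)] = sa
        else:
            self._shared[(sa.spi, sa.group)] = sa

    def lookup(self, spi: int, src: str, dst: str) -> Optional[GroupSA]:
        # Most specific match first: a source-indexed SA wins over a shared one.
        sa = self._per_source.get((spi, dst, src))
        return sa if sa is not None else self._shared.get((spi, dst))


if __name__ == "__main__":
    sad = SAD()
    # Constructed policy a key server might push: the flag, not the address
    # range, decides how the SA is indexed.
    sad.install(GroupSA(0x1001, "232.1.1.1", "192.0.2.10", True))   # SSM, per source
    sad.install(GroupSA(0x1001, "232.1.1.1", "192.0.2.11", True))   # same SPI, other sender
    sad.install(GroupSA(0x2002, "239.1.1.1", None, False))          # ASM, shared SA
    sad.install(GroupSA(0x3003, "232.9.9.9", None, False))          # SSM, one SA for many channels
    for pkt in [(0x1001, "192.0.2.10", "232.1.1.1"),
                (0x1001, "192.0.2.99", "232.1.1.1"),
                (0x3003, "192.0.2.99", "232.9.9.9")]:
        print(pkt, "->", sad.lookup(*pkt))
```

With source indexing, two senders can reuse the same SPI and group without colliding, and a packet from a source that has no SA of its own finds nothing unless a shared SA exists for that SPI and group.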