[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: An idea: GxSE

To: "Mohan Parthasarathy" <Mohan.Parthasarathy@eng.sun.com>
Subject: Re: An idea: GxSE
From: "Paul Francis" <yoid2000@home.com>
Date: Fri, 22 Jun 2001 10:58:11 -0700
Cc: <multi6@ops.ietf.org>
Delivery-date: Fri, 22 Jun 2001 10:58:19 -0700
Envelope-to: multi6-data@psg.com
Organization: TAHOE Networks
Reply-To: "Paul Francis" <paul@francis.com>

>
> There was another suggestion that we can rewrite the destination
> address by DSBR, that will also break IPsec because you can't
> locate the SA (SAs are looked up using dst_addr, SPI). I agree
> that it might be too early to discuss about IPsec issues.
>

Clearly IPsec would have to change to accomodate this.  I assume something
like use the ID part of the source address and the whole destination address
as part of the encrypted body, and use the SPI and any of the list of
addresses to identify the incoming packet.

PF

Prev by Date: Re: An idea: GxSE
Next by Date: Re: GxSE & ESP/AH
Prev by thread: Re: An idea: GxSE
Next by thread: Re: An idea: GxSE
Index(es):
- Date
- Thread