[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: An idea: GxSE



>
> There was another suggestion that we can rewrite the destination
> address by DSBR, that will also break IPsec because you can't
> locate the SA (SAs are looked up using dst_addr, SPI). I agree
> that it might be too early to discuss about IPsec issues.
>

Clearly IPsec would have to change to accomodate this.  I assume something
like use the ID part of the source address and the whole destination address
as part of the encrypted body, and use the SPI and any of the list of
addresses to identify the incoming packet.

PF