-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephen Kent wrote: > Joe, > >> ... >> > >> >>> >>> This almost sounds like a MIDCOM-style solution. I think this would >>> be a very big change to the current IPsec architecture, probably out >>> of scope for this WG. >> >> >> I agree, however I wonder if that sort of issue was already present in >> the BITW variants in 4301 anyway (to ensure, e.g., that packets arriving >> on different links with the same IP address didn't collide on SPI >> allocations). > > > This might be a problem if each interface had a distinct IPsec > implementation, not just a distinct SPD. However, I know of no such > devices, and thus no instances of problems of this sort. With just one > SAD for a BITW device, SPI assignment is centralized and thus the > problem you cite is avoided. > > Steve Just curious - without diving into 4301 myself - is that spec'd in 4301? Joe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFD/kDxE5f5cImnZrsRAp2IAJ94FxemzXECg6TScHjipriveRResACfZg6q xQSylEDrbavQ7DgDrsadPgE= =HQQb -----END PGP SIGNATURE-----
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.