3 Mar 2004 02:28
Re: Ordered and unordered SPD in draft-ietf-ipsec-rfc2401bis-01
Stephen Kent <kent <at> bbn.com>
2004-03-03 01:28:41 GMT
At 19:34 -0500 3/2/04, Greg Troxel wrote:
> From: "Michael Roe" <mroe <at> microsoft.com>
>
> In draft-ietf-rfc2401bis-01, the description of the processing
> model is very confusing. The problem is that it keeps switching
> between two different representations of the SPD:
>
> (a) An ordered SPD, which may contain overlapping entries
> (b) An unordered SPD, which must not contain overlapping entries
>
>I had a similar reaction on reading the draft, but was lame about
>commenting.
>
>Since decorrelation is "just" an optimization, my (unconsidered)
>preference is to have all the descriptions be in terms of the ordered
>SPD, perhaps with 'the packet is looked up in the SPD' explained once,
>and then that definition simply used. The decorrelation presentation
>could then be descriptive, with the authoritative rules for lookup being
>in terms of the ordered SPD.

The problem is that our new model for processing flow uses caches,
which require a decorrelated SPD.

Steve