On Fri, Aug 03, 2007 at 01:07:52PM -0400, James Carlson wrote:
> > It's up to Key Management (e.g. IKE) to pin these sockets up. And usually
> > the KM traffic uses the 0-SPI value with its peer.
>
> Ah, that's the bit I needed to understand, thanks. I was expecting a
> closer tie here.

It's a point of principle for me --> KM and traffic keys should be as loosely coupled as possible. Historically, too many KM schemes have turned out to have holes in them.

Dan
