TSAD

- Could be part of TCB, could be separate
- Indexed by connection ID ("socket pair")
- Entry contains (separate for inbound/outbound):
  - Option exclusion list
  - Zero or more key tuples
    - Zero means TCP-AO not used
    - Each tuple includes KeyID (optional), MAC, key length, key
    - If there is no KeyID on any tuple, there is only one tuple
    - MAC type can be NONE (indicating no TCP-AO)
    - No overlap of KeyIDs (i.e., if parms change, key changes)
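The TSAD entry layout listed above, modelled as an added example (not code from the original slides) that checks the tuple rules and selects a tuple by KeyID. The class and method names, the MAC name, the addresses and the keys are constructed, and treating a lone tuple without a KeyID as matching every segment is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class KeyTuple:
    mac: str                       # MAC type; "NONE" indicates no TCP-AO
    key: bytes
    key_id: Optional[int] = None   # KeyID is optional

    @property
    def key_length(self) -> int:   # derived here rather than stored separately
        return len(self.key)

@dataclass
class Direction:                   # one per direction (inbound / outbound)
    option_exclusion: list = field(default_factory=list)
    tuples: list = field(default_factory=list)

    def problems(self) -> list:
        """Return violations of the tuple rules listed on the slide."""
        ids = [t.key_id for t in self.tuples]
        out = []
        if None in ids and len(ids) > 1:
            out.append("tuple without KeyID must be the only tuple")
        named = [i for i in ids if i is not None]
        if len(named) != len(set(named)):
            out.append("overlapping KeyIDs")
        return out

    def ao_in_use(self) -> bool:
        # Zero tuples, or only MAC type NONE, means TCP-AO is not used.
        return any(t.mac != "NONE" for t in self.tuples)

    def select(self, key_id: Optional[int]) -> Optional[KeyTuple]:
        """Pick the tuple for a segment (assumption: a lone KeyID-less tuple matches all)."""
        if len(self.tuples) == 1 and self.tuples[0].key_id is None:
            return self.tuples[0]
        return next((t for t in self.tuples if t.key_id == key_id), None)

@dataclass
class Entry:
    inbound: Direction = field(default_factory=Direction)
    outbound: Direction = field(default_factory=Direction)

# TSAD indexed by connection ID ("socket pair"); every value below is constructed.
conn = ("192.0.2.1", 179, "192.0.2.2", 50000)
tsad = {conn: Entry(inbound=Direction([8], [KeyTuple("HMAC-SHA-1-96", b"k1" * 8, 1),
                                              KeyTuple("HMAC-SHA-1-96", b"k2" * 8, 2)]))}
```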