Re: reserving some SAIDs
Ran:
Since you have chosen to use a 32 bit SAID (the same size as the IEEE
802.10 SAID), I suggest that you consider the reserved SAIDs that IEEE
802.10 has set aside.
Here is what it says on page 12 of IEEE Std 802.10-1992:
The SAID field identifies the security association. It contains the
SAID associated with the destination SDE entity. If the destination
is a group address, the SAID value is common for all the stations in
the group and is negotiated by key management or system management.
The SAID field is four octets in length and is mandatory when the
Clear Header is present.
Figure 2-5 -- SAID Format
{The figure names the most significant bit the G-bit, and it
names the rest of the bits the ID bits. When the G-bit is zero,
the SAID denotes an individual security association. When the
G-bit is one, the SAID denotes a group security association.}
Four SAID values are reserved for the purpose of establishing initial
communication with key management or system management when an SAID has
not already been negotiated. These SAID values are called "bootstrap"
SAIDs, and identify preestablished security associations. If the
bootstrap SAID is used for key management, the ID bits contain all
zeros. If the bootstrap SAID is used for system management, the ID
bits contain all ones. The use of the bootstrap SAID mechanism is
optional. Communication to the System management and Key Management
Stacks may be accomplished via the use of any security association
whose SDE_SAP object indicates the appropriate stack. Also note that
the function of key management or system management can reside on a
User stack; however, the bootstrap SAIDs cannot be used to support
those implementations.
If you do not choose to follow these rules, please do not reuse the four
bootstrap SAIDs. Keep them reserved.
Russ
______________________________ Reply Separator _________________________________
Subject: reserving some SAIDs
Author: Ran Atkinson <atkinson@sundance.itd.nrl.navy.mil> at internet
Date: 8/3/94 3:11 PM
One subject that I've been asked about several times by IPv6 folks
is whether we could reserve some SAID values. These could be
used for predefined meanings (e.g. use RSA with the public keys
from the DNS to encrypt/decrypt this packet). In the IPv6 drafts
I'm proposing to reserve 0xFFFFFF01 through 0xFFFFFFFF for future
use along these lines.
Comments ??
Ran
atkinson@itd.nrl.navy.mil
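As an added example that is not part of either message above: a small C decoder for the 32-bit SAID as Russ quotes it from IEEE 802.10 (most significant bit is the G-bit, the other 31 bits are the ID), with the four bootstrap values read from the quoted text as the G-bit (0 or 1) combined with ID bits all zero (key management) or all ones (system management). It then checks those four values against the 0xFFFFFF01 through 0xFFFFFFFF range Ran proposes, which is the overlap Russ asks him to avoid. Network byte order for the four octets on the wire, the inclusive reading of Ran's range, and every function and macro name here are my assumptions, not anything from the standard or the drafts.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Bit layout as quoted from IEEE Std 802.10-1992, Figure 2-5: the most
 * significant bit of the 32-bit SAID is the G-bit (0 = individual SA,
 * 1 = group SA); the remaining 31 bits are the ID bits. */
#define SAID_G_BIT   0x80000000u
#define SAID_ID_MASK 0x7FFFFFFFu

/* Range proposed in Ran's message; assumed inclusive at both ends. */
#define IPV6_RESERVED_LO 0xFFFFFF01u
#define IPV6_RESERVED_HI 0xFFFFFFFFu

enum said_kind {
    SAID_NEGOTIATED,        /* ordinary SA negotiated by key/system mgmt */
    SAID_BOOTSTRAP_KEYMGMT, /* bootstrap SAID: ID bits all zero          */
    SAID_BOOTSTRAP_SYSMGMT  /* bootstrap SAID: ID bits all ones          */
};

/* Read the four-octet SAID field; byte order assumed to be network order. */
uint32_t said_from_octets(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

bool said_is_group(uint32_t said) { return (said & SAID_G_BIT) != 0; }
uint32_t said_id(uint32_t said)   { return said & SAID_ID_MASK; }

/* Classify a SAID by its ID bits; the G-bit does not change the class,
 * which is why there are four bootstrap values (two G-bit settings times
 * two ID patterns). */
enum said_kind said_classify(uint32_t said) {
    uint32_t id = said_id(said);
    if (id == 0)            return SAID_BOOTSTRAP_KEYMGMT;
    if (id == SAID_ID_MASK) return SAID_BOOTSTRAP_SYSMGMT;
    return SAID_NEGOTIATED;
}

bool said_in_ipv6_reserved(uint32_t said) {
    return said >= IPV6_RESERVED_LO && said <= IPV6_RESERVED_HI;
}

/* The four bootstrap SAIDs spelled out from the quoted rules. */
static const uint32_t bootstrap_saids[4] = {
    0x00000000u,           /* G=0, key management    */
    SAID_G_BIT,            /* G=1, key management    */
    SAID_ID_MASK,          /* G=0, system management */
    SAID_G_BIT | SAID_ID_MASK /* G=1, system management: 0xFFFFFFFF */
};

/* How many bootstrap SAIDs would the proposed IPv6 range swallow? */
int bootstrap_collisions(void) {
    int n = 0;
    for (int i = 0; i < 4; i++)
        if (said_in_ipv6_reserved(bootstrap_saids[i])) n++;
    return n;
}

int main(void) {
    /* Constructed sample: a Clear Header SAID field of all ones. */
    const uint8_t wire[4] = { 0xFF, 0xFF, 0xFF, 0xFF };
    uint32_t said = said_from_octets(wire);
    printf("SAID 0x%08X: G=%d ID=0x%08X kind=%d in_ipv6_reserved=%d\n",
           said, said_is_group(said), said_id(said),
           said_classify(said), said_in_ipv6_reserved(said));
    printf("bootstrap SAIDs inside 0x%08X-0x%08X: %d\n",
           IPV6_RESERVED_LO, IPV6_RESERVED_HI, bootstrap_collisions());
    return 0;
}
```

Run stand-alone, the program reports that 0xFFFFFFFF decodes as a group system-management bootstrap SAID and that exactly one of the four bootstrap values lies inside the proposed reservation; starting the IPv6 range below 0xFFFFFFFF, or excluding that one value, would satisfy Russ's request without changing anything else in Ran's proposal.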