
Re: reserving some SAIDs




Ran:

Since you have chosen to use a 32 bit SAID (the same size as the IEEE 
802.10 SAID), I suggest that you consider the reserved SAIDs that IEEE 
802.10 has set aside.

Here is what it says on page 12 of IEEE Std 802.10-1992:

     The SAID field identifies the security association.  It contains the 
     SAID associated with the destination SDE entity.  If the destination 
     is a group address, the SAID value is common for all the stations in 
     the group and is negotiated by key management or system management.  
     The SAID field is four octets in length and is mandatory when the 
     Clear Header is present.

     Figure 2-5 -- SAID Format

          {The figure names the most significant bit the G-bit, and it 
          names the rest of the bits the ID bits.  When the G-bit is zero, 
          the SAID denotes an individual security association.  When the 
          G-bit is one, the SAID denotes a group security association.}

     Four SAID values are reserved for the purpose of establishing initial 
     communication with key management or system management when an SAID has 
     not already been negotiated.  These SAID values are called "bootstrap" 
     SAIDs, and identify preestablished security associations.  If the 
     bootstrap SAID is used for key management, the ID bits contain all 
     zeros.  If the bootstrap SAID is used for system management, the ID 
     bits contain all ones.  The use of the bootstrap SAID mechanism is 
     optional.  Communication to the System management and Key Management 
     Stacks may be accomplished via the use of any security association 
     whose SDE_SAP object indicates the appropriate stack.  Also note that 
     the function of key management or system management can reside on a 
     User stack; however, the bootstrap SAIDs cannot be used to support 
     those implementations.

If you do not choose to follow these rules, please do not reuse the four 
bootstrap SAIDs.  Keep them reserved.

Russ
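The SAID layout quoted above, worked through as an added example that is not part of either message: it decodes a 32-bit SAID into its G-bit and ID bits, names the four bootstrap values, and checks whether a proposed reserved range (here the 0xFFFFFF01 through 0xFFFFFFFF range from Ran's note) collides with any of them. It assumes the G-bit is the most significant bit of the 32-bit value, as the figure describes.

```python
# Added example: IEEE 802.10 SAID decoding and bootstrap-SAID overlap check.
# Assumption: the G-bit is bit 31 of the 32-bit SAID; the remaining 31 bits
# are the ID bits.

G_BIT = 0x80000000          # most significant bit: 0 = individual, 1 = group
ID_MASK = 0x7FFFFFFF        # the 31 ID bits


def decode_said(said: int) -> dict:
    """Split a SAID into its G-bit and ID bits and label bootstrap values."""
    if not 0 <= said <= 0xFFFFFFFF:
        raise ValueError("SAID must be a 32-bit unsigned value")
    id_bits = said & ID_MASK
    bootstrap = None
    if id_bits == 0:                 # all-zero ID bits: key management bootstrap
        bootstrap = "key management"
    elif id_bits == ID_MASK:         # all-one ID bits: system management bootstrap
        bootstrap = "system management"
    return {
        "group": bool(said & G_BIT),
        "id_bits": id_bits,
        "bootstrap": bootstrap,
    }


# The four bootstrap SAIDs: {individual, group} x {key mgmt, system mgmt}.
BOOTSTRAP_SAIDS = {
    0x00000000,             # individual, key management
    0x7FFFFFFF,             # individual, system management
    G_BIT,                  # group, key management (0x80000000)
    G_BIT | ID_MASK,        # group, system management (0xFFFFFFFF)
}


def bootstrap_overlap(low: int, high: int) -> list:
    """Return the bootstrap SAIDs that fall inside an inclusive reserved range."""
    return sorted(s for s in BOOTSTRAP_SAIDS if low <= s <= high)


if __name__ == "__main__":
    # Constructed check against the range proposed in the quoted IPv6 note.
    for said in sorted(BOOTSTRAP_SAIDS):
        print(f"0x{said:08X}: {decode_said(said)}")
    clash = bootstrap_overlap(0xFFFFFF01, 0xFFFFFFFF)
    print("bootstrap SAIDs inside proposed range:", [f"0x{s:08X}" for s in clash])
```

Running it shows that the proposed range would swallow 0xFFFFFFFF, the group system-management bootstrap SAID, which is the reuse the reply asks to avoid.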


______________________________ Reply Separator _________________________________
Subject: reserving some SAIDs
Author:  Ran Atkinson <atkinson@sundance.itd.nrl.navy.mil> at internet 
Date:    8/3/94 3:11 PM


One subject that I've been asked about several times by IPv6 folks 
is whether we could reserve some SAID values.  These could be
used for predefined meanings (e.g. use RSA with the public keys 
from the DNS to encrypt/decrypt this packet).  In the IPv6 drafts 
I'm proposing to reserve 0xFFFFFF01 through 0xFFFFFFFF for future 
use along these lines.

Comments ??

Ran
atkinson@itd.nrl.navy.mil


