Security Parameter Index
> From: smb@research.att.com
> There are certainly many possible ways to implement a security
> architecture. It may be that the drafts are not clear. The intent of
> the current design is the SAID is strictly an endpoint concept, and is
> not known to intermediate hops. It manifestly is not a security
> label. I personally prefer the term ``key identifier'', from the
> SP3/SP4 drafts; it's much less confusing than OSIspeak.
>
I agree. But it covers more than the Key. And Identifier is overused.
> With the exception of the reserved values -- which are a concession to
> the need for other possible models of how to do things -- the SAID can
> be thought of as strictly a table index. The table itself supplies the
> cryptographic algorithm identifier, the current session key, the
> security level, the expiration time, and any host-specific information,
> such as userid.
>
We could change the name from SAID to "Index". Militaristic linguists
could call it a "Security Parameter Index", or "SecParIn" for short.
Bill.Simpson@um.cc.umich.edu
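
The table-index model described in the quoted text, as an added example that is not part of the original message or of any draft. All names, the table size, and the choice of 0 as the only reserved value are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <time.h>

/* Hypothetical row layout: the fields the quoted text says the table supplies. */
struct sa_entry {
    int      in_use;
    uint16_t alg_id;     /* cryptographic algorithm identifier */
    uint8_t  key[16];    /* current session key */
    uint8_t  level;      /* security level */
    time_t   expires;    /* expiration time */
    uint32_t userid;     /* host-specific information */
};

enum sa_status { SA_OK, SA_RESERVED, SA_UNKNOWN, SA_EXPIRED };
#define SA_TABLE_SIZE   64u
#define SA_RESERVED_MAX 0u  /* assumption: the thread does not list the reserved values */
static struct sa_entry sa_table[SA_TABLE_SIZE];

/* Install an association agreed by the endpoints; reserved slots are refused. */
int sa_install(uint32_t idx, uint16_t alg_id, const uint8_t key[16],
               uint8_t level, time_t expires, uint32_t userid)
{
    if (idx <= SA_RESERVED_MAX || idx >= SA_TABLE_SIZE) return -1;
    struct sa_entry *e = &sa_table[idx];
    e->in_use = 1; e->alg_id = alg_id; e->level = level;
    e->expires = expires; e->userid = userid;
    memcpy(e->key, key, sizeof e->key);
    return 0;
}

/* The index arrives in a received packet, so validate it before touching the table. */
enum sa_status sa_lookup(uint32_t idx, time_t now, const struct sa_entry **out)
{
    *out = NULL;
    if (idx <= SA_RESERVED_MAX) return SA_RESERVED;
    if (idx >= SA_TABLE_SIZE || !sa_table[idx].in_use) return SA_UNKNOWN;
    if (now >= sa_table[idx].expires) return SA_EXPIRED;
    *out = &sa_table[idx];
    return SA_OK;
}

int main(void)
{
    const uint8_t key[16] = {0};  /* constructed sample key */
    const struct sa_entry *e;
    sa_install(5, 2, key, 3, 1000, 42);
    return sa_lookup(5, 500, &e) == SA_OK ? 0 : 1;
}
```

Nothing in the index itself carries meaning to an intermediate hop; the algorithm, key, level and expiry are all resolved at the receiving endpoint, and an out-of-range, unused or expired index yields no key material.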