[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security Parameter Index

> From: smb@research.att.com
> There are certainly many possible ways to implement a security
> architecture.  It may be that the drafts are not clear.  The intent of
> the current design is the SAID is strictly an endpoint concept, and is
> not known to intermediate hops.  It manifestly is not a security
> label.  I personally prefer the term ``key identifier'', from the
> SP3/SP4 drafts; it's much less confusing than OSIspeak.
I agree.  But it covers more than the Key.  And Identifier is overused.

> With the exception of the reserved values -- which are a concession to
> the need for other possible models of how to do things -- the SAID can
> be thought of as strictly a table index.  The table itself supplies the
> cryptographic algorithm identifier, the current session key, the
> security level, the expiration time, and any host-specific information,
> such as userid.
We could change the name from SAID to "Index".  Militaristic linguists
could call it a "Security Parameter Index", or "SecParIn" for short.