
Security Parameter Index



> From: smb@research.att.com
> There are certainly many possible ways to implement a security
> architecture.  It may be that the drafts are not clear.  The intent of
> the current design is the SAID is strictly an endpoint concept, and is
> not known to intermediate hops.  It manifestly is not a security
> label.  I personally prefer the term ``key identifier'', from the
> SP3/SP4 drafts; it's much less confusing than OSIspeak.
>
I agree.  But it covers more than the Key.  And Identifier is overused.


> With the exception of the reserved values -- which are a concession to
> the need for other possible models of how to do things -- the SAID can
> be thought of as strictly a table index.  The table itself supplies the
> cryptographic algorithm identifier, the current session key, the
> security level, the expiration time, and any host-specific information,
> such as userid.
>
We could change the name from SAID to "Index".  Militaristic linguists
could call it a "Security Parameter Index", or "SecParIn" for short.

Bill.Simpson@um.cc.umich.edu
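
The table-index model described in the quoted text, as an added example that is not part of the original message or of any draft: the receiver treats the index from the wire as untrusted, rejects reserved and out-of-range values, and only then reads the algorithm, key, level, expiration and userid from its own table. The reserved range (0..255), the table layout, the rule that a higher level number is stronger, and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* Assumption: 0..RESERVED_MAX are the reserved values; the message does not list them. */
#define RESERVED_MAX 255u
#define TABLE_SIZE   4u

enum sa_status { SA_OK, SA_RESERVED, SA_UNKNOWN, SA_EXPIRED, SA_LEVEL_TOO_LOW };

struct sa_entry {
    int      in_use;
    uint16_t alg_id;    /* cryptographic algorithm identifier */
    uint8_t  key[16];   /* current session key */
    uint8_t  level;     /* security level (assumed: higher is stronger) */
    time_t   expires;   /* expiration time */
    uint32_t userid;    /* host-specific information */
};

/* Constructed sample table: slot i is reached by index RESERVED_MAX + 1 + i. */
static struct sa_entry sa_table[TABLE_SIZE] = {
    { 1, 1, {0x01}, 2, 2000, 1001 },
    { 1, 2, {0x02}, 1, 1000, 1002 },
};

/* Resolve a received index to local parameters; fail closed on anything unexpected. */
enum sa_status sa_lookup(uint32_t index, time_t now, uint8_t min_level,
                         const struct sa_entry **out)
{
    *out = NULL;
    if (index <= RESERVED_MAX)
        return SA_RESERVED;              /* not a table index at all */
    uint32_t slot = index - (RESERVED_MAX + 1u);
    if (slot >= TABLE_SIZE || !sa_table[slot].in_use)
        return SA_UNKNOWN;               /* bounds check before any array access */
    const struct sa_entry *e = &sa_table[slot];
    if (now >= e->expires)
        return SA_EXPIRED;               /* never use a stale session key */
    if (e->level < min_level)
        return SA_LEVEL_TOO_LOW;
    *out = e;
    return SA_OK;
}

int main(void)
{
    const struct sa_entry *e;
    printf("status=%d\n", sa_lookup(256, 1500, 1, &e));
    return 0;
}
```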