Re: Security Parameter Index
Bill & Steve:
>> From: smb@research.att.com
>> There are certainly many possible ways to implement a security
>> architecture. It may be that the drafts are not clear. The intent of
>> the current design is the SAID is strictly an endpoint concept, and is
>> not known to intermediate hops. It manifestly is not a security
>> label. I personally prefer the term ``key identifier'', from the
>> SP3/SP4 drafts; it's much less confusing than OSIspeak.
>
>Reply From: Bill.Simpson@um.cc.umich.edu
>I agree. But it covers more than the Key. And Identifier is overused.
I was involved in SDNS which coined the term key identifier (KID) and IEEE
802.10b which coined the term security association identifier (SAID). The
IEEE 802.10b standard has many similarities to SDNS SP3/SP4. This is
because a significant number of people were involved in both efforts. The
term KID was changed to SAID to amplify the fact that the identifier (or
index) names more than a key. It names a key and attributes of the
association. The SDNS documents called this association a cryptographic
association; the IEEE 802.10b document calls this association a security
association. The point is simple: interoperability requires that the
keying material and attributes associated with the security protocol be
common.
Russ