
Re: Security Parameter Index




Bill & Steve:

>> From: smb@research.att.com
>> There are certainly many possible ways to implement a security
>> architecture.  It may be that the drafts are not clear.  The intent of 
>> the current design is the SAID is strictly an endpoint concept, and is 
>> not known to intermediate hops.  It manifestly is not a security
>> label.  I personally prefer the term ``key identifier'', from the 
>> SP3/SP4 drafts; it's much less confusing than OSIspeak.
>
>Reply From: Bill.Simpson@um.cc.umich.edu
>I agree.  But it covers more than the Key.  And Identifier is overused.

I was involved in SDNS which coined the term key identifier (KID) and IEEE 
802.10b which coined the term security association identifier (SAID).  The 
IEEE 802.10b standard has many similarities to SDNS SP3/SP4.  This is 
because a significant number of people were involved in both efforts.  The 
term KID was changed to SAID to amplify the fact that the identifier (or 
index) names more than a key.  It names a key and attributes of the 
association.  The SDNS documents called this association a cryptographic 
association; the IEEE 802.10b document calls this association a security 
association.  The point is simple: interoperability requires that the 
keying material and attributes associated with the security protocol be 
common.

Russ