
Re: Modify feature of Change_Message





From:  "William Allen Simpson" <bsimpson@morningstar.com>
> Ran and NSA asked for the ability to modify attributes on the fly. 
> Thus, it is a recent addition to Photuris.  If they don't give a 
> better reason for needing the facility, I would be happy to restrict 
> it again to adding/deleting entire SPIs.
>
> Or, if they would like, we could restrict it to only certain 
> attributes, which are individually specified.  So far, there is only 
> one that has been mentioned as a candidate for modification -- 
> Sensitivity Label.

Bill,

The IEEE 802.10 working group spent a lot of time discussing the various 
options here.  In the end, we decided that SAIDs (or SPIs in Photuris) are 
cheap, so the possibility of confusion about the attributes associated with 
any particular key should be avoided.  Therefore, if in the lifetime of a 
key two different sets of attributes need to be associated with the key, 
then these are treated as separate security associations.  It greatly 
simplifies the protocol state machine.  I suggest that you follow a similar 
track.

Russ