[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

correction on SPIs

To: ipsec@ans.net
Subject: correction on SPIs
From: Ran Atkinson <rja@cisco.com>
Date: Wed, 13 Dec 1995 08:32:47 -0800


It turns out that my memory is not to be trusted (not entirely surprising :-).

The NRL software does indeed have separate number spaces for SPIs and so
an AH session and an ESP session to the same destination with the same
SPI value will indeed be different Security Associations in the Key
Engine.  

IMHO, this is how all implementations ought to work.   Unless there is
WG consensus to the contrary, I intend to make this separation
very clearly required in the revision to RFC-1825 when I edit it
in a few months.  This should not be hard to implement and makes things
much simpler for the key mgmt mechanisms.

Ran
rja@cisco.com

Follow-Ups:

Re: correction on SPIs

From: Hilarie Orman <ho@cs.arizona.edu>

Re: correction on SPIs

From: "Perry E. Metzger" <perry@piermont.com>

Re: correction on SPIs

From: Phil Karn <karn@qualcomm.com>

Prev by Date: I-D ACTION:draft-ietf-ipsec-skip-05.txt
Next by Date: Re: correction on SPIs
Prev by thread: I-D ACTION:draft-ietf-ipsec-skip-05.txt
Next by thread: Re: correction on SPIs
Index(es):
- Main
- Thread