
RE: correction on SPIs





Ran, this is how I implemented it also. A SPI value can refer to
different keys, depending on whether this API is for ESP or AH.

My code does allow different SPI values for ESP and AH in the same message.
However, I don't see any real need for this flexibility.

Pau-Chen

> From @yktvmv.watson.ibm.com:postmaster@watson.vnet.ibm.com Wed Dec 13 13:41:23 1995
> Message-Id: <199512131632.AA03477@interlock.ans.net>
> Date: Wed, 13 Dec 1995 08:32:47 -0800
> From: Ran Atkinson <rja@cisco.com>
> To: ipsec@ans.net
> Subject: correction on SPIs
> Content-Length: 635
> Status: RO
>
>
> It turns out that my memory is not to be trusted (not entirely surprising :-).
>
> The NRL software does indeed have separate number spaces for SPIs and so
> an AH session and an ESP session to the same destination with the same
> SPI value will indeed be different Security Associations in the Key
> Engine.
>
> IMHO, this is how all implementations ought to work.   Unless there is
> WG consensus to the contrary, I intend to make this separation
> very clearly required in the revision to RFC-1825 when I edit it
> in a few months.  This should not be hard to implement and makes things
> much simpler for the key mgmt mechanisms.
>
> Ran
> rja@cisco.com
>

------------- End Forwarded Message -------------


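The separation discussed in this thread, sketched as a Security Association table keyed by (destination, protocol, SPI), so that one SPI value names two different SAs depending on whether it arrives in an AH or an ESP header. This is an added example, not code from the NRL software or from either poster's implementation; the class and function names, addresses and keys are hypothetical, and the header offsets assume the AH and ESP layouts of RFC 1826 and RFC 1827.

```python
import struct

# IP protocol numbers assigned to the two IPsec headers.
IPPROTO_ESP, IPPROTO_AH = 50, 51

def extract_spi(proto: int, payload: bytes) -> int:
    """Return the 32-bit SPI (network byte order) from an ESP or AH header."""
    if proto == IPPROTO_ESP:
        offset = 0  # ESP: the SPI is the first 32-bit word
    elif proto == IPPROTO_AH:
        offset = 4  # AH: next header (1), length (1), reserved (2), then SPI
    else:
        raise ValueError(f"protocol {proto} carries no SPI")
    if len(payload) < offset + 4:
        raise ValueError("truncated security header")
    return struct.unpack_from("!I", payload, offset)[0]

class SecurityAssociationTable:
    """Hypothetical SA table with a separate SPI number space per protocol."""

    def __init__(self):
        self._sas = {}

    def add(self, dst, proto, spi, sa):
        key = (dst, proto, spi)  # protocol is part of the key, not just the SPI
        if key in self._sas:
            raise KeyError(f"SA already exists for {key}")
        self._sas[key] = sa

    def lookup(self, dst, proto, payload):
        """Return the SA for an inbound packet, or None if there is none."""
        return self._sas.get((dst, proto, extract_spi(proto, payload)))

# Constructed sample data: same destination, same SPI value, two protocols.
DST, SPI = "192.0.2.1", 0x1234
table = SecurityAssociationTable()
table.add(DST, IPPROTO_AH, SPI, {"name": "ah-sa", "auth_key": b"A" * 16})
table.add(DST, IPPROTO_ESP, SPI, {"name": "esp-sa", "enc_key": b"E" * 8})

# Constructed header bytes: AH (next header 6, length 4, reserved 0, SPI)
# and ESP (SPI followed by opaque transform data).
AH_PACKET = struct.pack("!BBHI", 6, 4, 0, SPI) + bytes(16)
ESP_PACKET = struct.pack("!I", SPI) + bytes(16)

if __name__ == "__main__":
    print(table.lookup(DST, IPPROTO_AH, AH_PACKET)["name"])
    print(table.lookup(DST, IPPROTO_ESP, ESP_PACKET)["name"])
```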