[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: correction on SPIs

To: Ran Atkinson <rja@cisco.com>
Subject: Re: correction on SPIs
From: "William Allen Simpson" <bsimpson@morningstar.com>
Date: Thu, 14 Dec 95 13:33:09 GMT
Cc: ipsec@ans.net

I will admit, I am completely confused here about your "combined" or
"separate" number spaces.  I think that some of the folks on the list
are talking past each other.

Here's what Karn did (and Simpson has a slight variant):

 - Each SPI can be used by both AH and ESP.

 - AH and ESP have different keys, even when using the same SPI.

 - AH and ESP use different algorithms, even when using the same SPI.

 - AH and ESP can both be negotiated at the same time (the same exchange).

So, I think of this as a "combined" number space, with orthogonal usage.
Is that what you mean?

I hope that this is clearer in the next Photuris draft.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2

Prev by Date: Re: ICMP Security Failures
Next by Date: Re: correction on SPIs
Prev by thread: Re: correction on SPIs
Next by thread: Re: correction on SPIs
Index(es):
- Main
- Thread