[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SPIs, etc.

To: rja@cisco.com
Subject: Re: SPIs, etc.
From: Phil Karn <karn@qualcomm.com>
Date: Mon, 18 Dec 1995 22:43:58 -0800 (PST)
Cc: ipsec@ans.net
In-Reply-To: <199512122345.AA05728@interlock.ans.net> (message from Ran Atkinson on Tue, 12 Dec 1995 15:45:36 -0800)

>  Phil Karn is right that the SPI number spaces should be separate for AH
>and ESP because they are different protocols.

Right. And for this same reason I've argued that there should be
separate attribute lists in Photuris for AH and ESP. These are
independent protocols with their own orthogonal options and number
spaces.

I'd like to add language something like the following to future
versions of the AH and ESP documents:

	Implementations MUST accept and properly process incoming "nested"
	security packets, i.e., packets using both the AH and ESP, where the
	SPIs for AH and ESP are the same. Implementations SHOULD be capable of
	generating nested packets with the same SPIs for AH and ESP, but they
	MAY be configured not to do so.

Phil

References:

SPIs, etc.

From: Ran Atkinson <rja@cisco.com>

Prev by Date: Re: forward secrecy
Next by Date: Re: correction on SPIs
Prev by thread: Re: SPIs, etc.
Next by thread: URLs
Index(es):
- Main
- Thread