Re: new AH spec
> From: Dan.McDonald@eng.sun.com (Dan McDonald)
> > 2.4 Security Parameters Index (SPI)
>
> > A value of zero indicates that no Security Association exists. The SPI
> > field is mandatory. It is ordinarily selected by the destination
> > system upon establishment of an SA (see "Security Architecture for
> > the Internet Protocol" [KA97a] for more details).
> >
> > *** Under what circumstances will a zero SPI be employed? Is this
> > *** still relevant or is it vestigial?
>
> A zero SPI is useful for any number of implementation-specific aids. An
> example I can think of off the top of my head is that if my
> getassocybyendpoint() call for an outgoing datagram returns an association
> with a zero SPI, I can interpret this as any number of results (including, "I
> just kicked key management in the rear, I'll get back to you.")

But under what circumstances would you set the SPI in the outgoing datagram
to zero - wouldn't you wait??

(I can't send it and hope to resolve it later - what if I have several
pending key mgt requests, then I can't distinguish which packets use
which associations later)

Joe
----------------------------------------------------------------------
Joe Touch - touch@isi.edu http://www.isi.edu/~touch/
ISI / Project Leader, ATOMIC-2, LSAM http://www.isi.edu/atomic2/
USC / Research Assistant Prof. http://www.isi.edu/lsam/