
Re: new AH spec



> From: Dan.McDonald@eng.sun.com (Dan McDonald)

> > 2.4 Security Parameters Index (SPI)
> 
> >    A value of zero indicates that no Security Association exists.  The SPI
> >    field is mandatory.  It is ordinarily selected by the destination
> >    system upon establishment of an SA (see "Security Architecture for
> >    the Internet Protocol" [KA97a] for more details).
> >
> >    *** Under what circumstances will a zero SPI be employed?  Is this
> >    *** still relevant or is it vestigial?
> 
> A zero SPI is useful for any number of implementation-specific aids.  An
> example I can think of off the top of my head is that if my
> getassocybyendpoint() call for an outgoing datagram returns an association
> with a zero SPI, I can interpret this as any number of results (including, "I
> just kicked key management in the rear, I'll get back to you.")

But under what circumstances would you set the SPI in the outgoing datagram
to zero - wouldn't you wait??

(I can't send it and hope to resolve it later - what if I have several
pending key mgt requests, then I can't distinguish which packets use
which associations later)

Joe
----------------------------------------------------------------------
Joe Touch - touch@isi.edu		    http://www.isi.edu/~touch/
ISI / Project Leader, ATOMIC-2, LSAM       http://www.isi.edu/atomic2/
USC / Research Assistant Prof.                http://www.isi.edu/lsam/
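
Added example, not part of the original thread or of any real IPsec stack: one way an output path can treat SPI 0 as a local "key management pending" marker while holding packets per destination, so nothing is sent with a zero SPI and each held packet is released under its own association. The names sa_by_endpoint, ah_output and sa_established, and all addresses and SPI values, are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#define SPI_NONE 0u   /* local-only marker: SA requested, not yet established */
#define MAX_SA   4
#define MAX_HELD 8

struct sa   { uint32_t dst, spi; };            /* spi == SPI_NONE while pending */
struct held { uint32_t dst; int pkt_id, used; };
static struct sa   sadb[MAX_SA];
static int         n_sa;
static struct held holdq[MAX_HELD];

/* Hypothetical lookup: first use of a destination creates a pending entry. */
static struct sa *sa_by_endpoint(uint32_t dst) {
    for (int i = 0; i < n_sa; i++)
        if (sadb[i].dst == dst) return &sadb[i];
    if (n_sa == MAX_SA) return NULL;
    sadb[n_sa] = (struct sa){ dst, SPI_NONE };
    return &sadb[n_sa++];
}

/* Returns the SPI to place in the AH header, or SPI_NONE when the packet was
 * held (or dropped for lack of space) and nothing is transmitted. */
uint32_t ah_output(uint32_t dst, int pkt_id) {
    struct sa *sa = sa_by_endpoint(dst);
    if (sa && sa->spi != SPI_NONE) return sa->spi;
    for (int i = 0; sa && i < MAX_HELD; i++)
        if (!holdq[i].used) { holdq[i] = (struct held){ dst, pkt_id, 1 }; break; }
    return SPI_NONE;
}

/* Key management completed for dst: install the SPI and release only the
 * packets held for that destination. Returns how many were released. */
int sa_established(uint32_t dst, uint32_t spi) {
    struct sa *sa = sa_by_endpoint(dst);
    int released = 0;
    if (!sa || spi == SPI_NONE) return -1;      /* never install a zero SPI */
    sa->spi = spi;
    for (int i = 0; i < MAX_HELD; i++)
        if (holdq[i].used && holdq[i].dst == dst) { holdq[i].used = 0; released++; }
    return released;
}

int main(void) {   /* constructed addresses and SPIs */
    ah_output(0x0a000001, 1); ah_output(0x0a000002, 2);
    printf("released for peer 1: %d\n", sa_established(0x0a000001, 0x1001));
    printf("SPI now used for peer 1: 0x%x\n", (unsigned)ah_output(0x0a000001, 3));
    return 0;
}
```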

