[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: new AH spec

To: Dan.McDonald@Eng.sun.com, kent@bbn.com, touch@isi.edu
Subject: Re: new AH spec
From: Ran Atkinson <rja@inet.org>
Date: Sun, 30 Mar 97 20:10:09 GMT Daylight Time
Cc: ipsec@tis.com
References: <199703272257.AA18146@ash.isi.edu>
Sender: owner-ipsec@ex.tis.com


Joe,

  "An SPI value of zero indicates no Security Association exists." is a
very useful part of the IPsec specificationS.  By definition, this SPI 
value is NEVER used in a packet sent on the wire.  It is extremely useful,
however, to have a single reserved SPI value that can be optionally 
used for implementation-specific purposes inside some implementation. 
 
  In practice, changing or removing this sentence will cause existing fully 
conforming implementations to become non-conforming (which is something 
that the IETF does NOT generally do unless the prior statement has
some fatal operational flaw, which this reserved value does not).

Ran
rja@inet.org

References:

Re: new AH spec

From: touch@isi.edu

Prev by Date: Call for Presentations - SIP & Security for Mobile Users
Next by Date: Re: new ESP spec (bigger message)
Prev by thread: Re: new AH spec
Next by thread: Re: new AH spec
Index(es):
- Main
- Thread