[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: new AH spec
Joe,
"An SPI value of zero indicates no Security Association exists." is a
very useful part of the IPsec specificationS. By definition, this SPI
value is NEVER used in a packet sent on the wire. It is extremely useful,
however, to have a single reserved SPI value that can be optionally
used for implementation-specific purposes inside some implementation.
In practice, changing or removing this sentence will cause existing fully
conforming implementations to become non-conforming (which is something
that the IETF does NOT generally do unless the prior statement has
some fatal operational flaw, which this reserved value does not).
Ran
rja@inet.org
References: