
Re: new AH spec



> From rja@inet.org Sun Mar 30 12:19:08 1997
> Date: Sun, 30 Mar 97 20:10:09 GMT Daylight Time
> From: Ran Atkinson  <rja@inet.org>
> Subject: Re: new AH spec 
> To: Dan.McDonald@eng.sun.com, kent@bbn.com, touch@isi.edu
> Cc: ipsec@tis.com
> X-Priority: 3 (Normal)
> References: <199703272257.AA18146@ash.isi.edu> 
> 
> 
> Joe,
> 
>   "An SPI value of zero indicates no Security Association exists." is a
> very useful part of the IPsec specificationS.  By definition, this SPI 
> value is NEVER used in a packet sent on the wire.  It is extremely useful,
> however, to have a single reserved SPI value that can be optionally 
> used for implementation-specific purposes inside some implementation. 

Sure - that part is clear. The SPI value of 0 is to the API,
but there is never a case when the value needs to be stored
in the field.

This should be made clear in section 2.4 of the draft.

>   In practice, changing or removing this sentence will cause existing fully 
> conforming implementations to become non-conforming (which is something 
> that the IETF does NOT generally do unless the prior statement has
> some fatal operational flaw, which this reserved value does not).

Given that there's already a revision of the RFC in progress,
this statement is of little significance. Fully conforming
to WHICH - the new or old spec?

PS - in that vein, why does the new draft have 
no references to RFC 1826, even though it has the same title?

Joe
----------------------------------------------------------------------
Joe Touch - touch@isi.edu		    http://www.isi.edu/~touch/
ISI / Project Leader, ATOMIC-2, LSAM       http://www.isi.edu/atomic2/
USC / Research Assistant Prof.                http://www.isi.edu/lsam/

