Re: new AH spec
> From rja@inet.org Sun Mar 30 12:19:08 1997
> Date: Sun, 30 Mar 97 20:10:09 GMT Daylight Time
> From: Ran Atkinson <rja@inet.org>
> Subject: Re: new AH spec
> To: Dan.McDonald@eng.sun.com, kent@bbn.com, touch@isi.edu
> Cc: ipsec@tis.com
> X-Priority: 3 (Normal)
> References: <199703272257.AA18146@ash.isi.edu>
>
>
> Joe,
>
> "An SPI value of zero indicates no Security Association exists." is a
> very useful part of the IPsec specificationS. By definition, this SPI
> value is NEVER used in a packet sent on the wire. It is extremely useful,
> however, to have a single reserved SPI value that can be optionally
> used for implementation-specific purposes inside some implementation.
Sure - that part is clear. The SPI value of 0 is to the API,
but there is never a case when the value needs to be stored
in the field.
This should be made clear in section 2.4 of the draft.
> In practice, changing or removing this sentence will cause existing fully
> conforming implementations to become non-conforming (which is something
> that the IETF does NOT generally do unless the prior statement has
> some fatal operational flaw, which this reserved value does not).
Given that there's already a revision of the RFC in progress,
this statement is of little significance. Fully conforming
to WHICH - the new or old spec?
PS - in that vein, why does the new draft have
no references to RFC 1826, even though it has the same title?
Joe
----------------------------------------------------------------------
Joe Touch - touch@isi.edu http://www.isi.edu/~touch/
ISI / Project Leader, ATOMIC-2, LSAM http://www.isi.edu/atomic2/
USC / Research Assistant Prof. http://www.isi.edu/lsam/
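
Added example (not part of the original message and not taken from any IPsec implementation): one way a receiver can treat SPI 0 as discussed in this thread, using it as the local "no SA" answer while dropping any inbound AH header that carries it. The SA table, peer names, sample headers and all function names are constructed for illustration; the only layout assumed is that the SPI is the 32-bit word at offset 4 of the AH header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SPI_NONE 0u /* reserved value: "no Security Association exists" */

struct sa { uint32_t spi; const char *peer; };
/* Constructed SA table and AH headers (8 leading bytes), for illustration. */
static const struct sa sa_table[] = { {0x00001234u, "peer-a"}, {0x0000abcdu, "peer-b"} };
static const uint8_t pkt_ok[]      = {0x06, 0x04, 0, 0, 0x00, 0x00, 0x12, 0x34};
static const uint8_t pkt_zero[]    = {0x06, 0x04, 0, 0, 0x00, 0x00, 0x00, 0x00};
static const uint8_t pkt_unknown[] = {0x06, 0x04, 0, 0, 0xde, 0xad, 0xbe, 0xef};

enum verdict { AH_ACCEPT, AH_DROP_TRUNCATED, AH_DROP_SPI_ZERO, AH_DROP_NO_SA };

/* Look up an SA by SPI; SPI_NONE never matches, even if the table is corrupt. */
const struct sa *sa_lookup(uint32_t spi) {
    if (spi == SPI_NONE) return NULL;
    for (size_t i = 0; i < sizeof sa_table / sizeof sa_table[0]; i++)
        if (sa_table[i].spi == spi) return &sa_table[i];
    return NULL;
}

/* Local API side: SPI_NONE is the "no SA for this peer" answer. */
uint32_t sa_spi_for_peer(const char *peer) {
    for (size_t i = 0; i < sizeof sa_table / sizeof sa_table[0]; i++)
        if (strcmp(sa_table[i].peer, peer) == 0) return sa_table[i].spi;
    return SPI_NONE;
}

/* Wire side: the SPI is the 32-bit big-endian word at offset 4 of the AH header. */
enum verdict ah_inbound_check(const uint8_t *ah, size_t len) {
    if (len < 8) return AH_DROP_TRUNCATED;
    uint32_t spi = ((uint32_t)ah[4] << 24) | ((uint32_t)ah[5] << 16) |
                   ((uint32_t)ah[6] << 8) | (uint32_t)ah[7];
    if (spi == SPI_NONE) return AH_DROP_SPI_ZERO; /* never valid on the wire */
    return sa_lookup(spi) ? AH_ACCEPT : AH_DROP_NO_SA;
}

int main(void) {
    printf("ok=%d zero=%d unknown=%d short=%d\n",
           ah_inbound_check(pkt_ok, sizeof pkt_ok),
           ah_inbound_check(pkt_zero, sizeof pkt_zero),
           ah_inbound_check(pkt_unknown, sizeof pkt_unknown),
           ah_inbound_check(pkt_ok, 4));
    printf("peer-c spi=%u\n", (unsigned)sa_spi_for_peer("peer-c"));
    return 0;
}
```

Keeping the zero-SPI drop separate from the unknown-SPI drop lets a receiver count packets that carry the reserved value apart from ordinary SA misses.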