Re: SPI orthogonality



> From: Stephen Kent <kent@bbn.com>
> I'm not sure what Bill finds "unclear" in this description, but I leave it
> to the WG co-chairs to judge.

The WG co-chairs?  What have they to do with this?  5 WG members
already have expressed dissatisfaction with your text.  Therefore, on
its face, it must be unclear.

I provided clear and unambiguous text.  Use it.


> I also don't understand Bill's explanation of the difference between an
> SAID and an SPI, since an SA is identified by the SPI (in context).

Wrong!  I defined the name, acronym, and original SPI semantics.  Don't
try to twist my words.

A Security Association is between parties.  A KMP establishes security
associations.

The SPI is an indicator of a one-way list of parameters.  It is specific
to a protocol and a destination.

There is no relation between SPIs in different directions, or even a
requirement that SPIs come in pairs.  The term SA implies such a
relation.


> Bill's
> examples of Cookie pairs as the way an SA is defined, in the context of
> specific key management protocols, does not clarify the difference for me,
> and it would have to be generalized to encompass SAs that are manually
> keyed.  This seems largely a moot issue, since the term "SAID" does not
> appear anywhere in the AH, ESP nor Arch Doc I-Ds.
>
The problem is that your text changes the semantics to those of a SAID
(not that "SAID" is mentioned), which we _rejected_ many years ago
(after what seemed like decades of argument on what trust relationship
the SAID implies).  Again, your understanding is incorrect.

There is no problem with generalizing.  The "act" of establishing manual
keys encompasses SAs.

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
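The SPI semantics argued above (an SPI only has meaning together with the protocol and the destination, and inbound and outbound SPIs are unrelated) as a constructed model, added here as an illustration and not part of the original post; the class and field names are assumptions for the example:

```python
from dataclasses import dataclass

# Constructed inbound security-parameter database, added for illustration.
# Per the post, a packet's SPI is resolved together with the protocol (AH or
# ESP) and the destination address: the same 32-bit SPI value may be in use
# for a different destination or protocol, and nothing pairs an inbound SPI
# with the SPI the peer uses for the reverse direction.

@dataclass(frozen=True)
class SecurityParameters:
    transform: str   # e.g. "esp-aes-cbc" or "ah-hmac-sha1" (labels only)
    key_id: str      # label for the key in use, not key material


class SPDatabase:
    def __init__(self):
        self._entries = {}   # (dst, protocol, spi) -> SecurityParameters

    def add(self, dst, protocol, spi, params):
        key = (dst, protocol, spi)
        if key in self._entries:
            # Only the full triple must be unique; the SPI value alone need not be.
            raise ValueError(f"SPI {spi:#010x} already in use for {protocol} to {dst}")
        self._entries[key] = params

    def lookup(self, dst, protocol, spi):
        # A match needs all three values; a hit on the SPI alone is not enough.
        return self._entries.get((dst, protocol, spi))


def build_example():
    """Constructed sample: one SPI value reused across destinations and protocols."""
    db = SPDatabase()
    db.add("10.0.0.1", "ESP", 0x1000, SecurityParameters("esp-aes-cbc", "k-esp-A"))
    db.add("10.0.0.2", "ESP", 0x1000, SecurityParameters("esp-aes-cbc", "k-esp-B"))
    db.add("10.0.0.1", "AH", 0x1000, SecurityParameters("ah-hmac-sha1", "k-ah-A"))
    return db
```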