
Re: Security Association vis a vis Security Parameters Index



> From: "PALAMBER.US.ORACLE.COM" <PALAMBER@us.oracle.com>
> As best I remember, SPI was invented because SAID was already the common
> terminology for this mechanism and inventing a new term allowed the creation
> of a new definition without having to harmonize the usage with existing
> conventions.
>
> If we are looking for historical attribution,

As far as I know, we are not looking for history outside this WG.  We
are looking for _the_ definition that was defined in _this_ WG, which
was (by your own admission) different from existing conventions.

And this discussion started because the current document editor is
trying to take us back to _old_ definitions, rather than the ones _we_
defined.  We didn't approve the old definitions.  We had good solid
reasons for coming up with a new term and new definitions.


> SAs were defined in exceeding fine detail by the SILS working
> group in IEEE.

So what?  We didn't use IEEE.  It was proposed, and rejected.


> SWIPE and Photuris both stole many concepts from the ISO
> specification for NLSP.

Maybe I'm particularly cranky in the morning, but this is unutterable
!@!@*!^%@!&%@&%!@!%@.

NLSP was not mentioned in room 416 in San Diego (in 1992) when Karn
sprawled across my bed and first drew out the packet formats that later
became swIPe, nor in any of the lunch and dinner meetings that _I_
attended which launched the IPSec BOFs.

And comparing the diagrams in the Proceedings (Nov 1993), I see that
"I-NLSP" is not at all like the protocols we are currently using.

Whereas, Karn's presentation and demonstration of working code at that
same meeting in 1993 (and the swIPe internet-draft) have exactly the
fields we are using, with the same "tunnel" versus "transport" modes,
all spelled out in pretty pictures.

NLSP was not mentioned in any of the design meetings for Photuris.
Indeed, other than that single presentation in 1993, I've never seen any
details.  I'd be pretty surprised if there were any fields that matched.


> >Once upon a time, we called all the KMPs "Security Association
> >Management Protocols" (SAMP).
>
> No ... in ipsec, we first called our placeholder for a key management
> specification the Internet Key Management Protocol (IKMP).  SAMP was a
> specific complete proposal that was distributed to the working group.

Using the "royal we", I see.  IKMP is what _you_ called things in
meeting minutes, but you were rather out of touch with the words the
rest of us were using in conversation.

SAMP was probably the name of a proposal for the very reason that that
is what the unwashed masses were calling the needed functionality.  Hard
to know, as we cannot read the mind of the presenter.  Hard to know the
details, either, as the presentation didn't make its way into the
Proceedings.

Only presentations that you "approved" show up in minutes and
proceedings.  It has been a real problem, that the new chairs have
assured me they will not emulate....

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2