
SAs and SPIs




        Those of us watching and working with IPSEC and the relevant IETF
mail have recently received a number of epistles on the subject of SAs and
SPIs. I think Scott Kelley's questions (as yet unanswered) are particularly
enlightening (he is from Furukawa.) Similarly, the Atkinsons, Simpson, Kent,
Palamber exchanges (the definitions and historical overview resemble a
famous Japanese movie which presented the same event viewed by several
people. Who can identify this film?)
        In any case, the exchanges, while enlightening, don't give examples
of usage (theoretical or made-up ones would be OK). The SA-SPI pair remains
"numbers" (leaving us with what logicians call a continuous deferral, since in
our world everything is numbers).  Also, the question of what actual
implementations have in them seems to be open.
        In order to help with this question can I offer a typical corporate
situation and ask how this would be handled (the answer, "with numbers",
will not do.)  Let us suppose Amgen wants to use IPSEC to control and
protect its transmitted and received messages. Within Amgen are a number of
projects and the results and data associated with each project need to be
protected from outside competitors. Also Amgen employees working on one
project only in selected cases are allowed to receive results from other
projects.  There are managers at several levels who have access to varying
parts of the developments.  There is also a personnel dept., a medical
dept., and a payroll-financial dept.  In addition, Amgen has research
arrangements with five other biotech firms which work on several of the
projects and there is some communication possible between several of them as
well as with the relevant Amgen projects.
        Now, how are the SPI-SA combinations set up to handle this traffic
and how are they (dynamically) controlled?  Is there a methodology
associated with this?  Like others on the IPSEC-IETF infoline, I eagerly
await a response to the questions in this area.

                                        T.C. Bartee 

-----------------------------------------------
Thomas Q. Bartee
The MITRE Corporation
Mail Stop W967
1820 Dolley Madison Boulevard
McLean, VA  22102

Telephone: (703) 883-7849
E-mail: tbartee@mitre.org


