
SPI and its length in the ISAKMP Proposal



A piddly, I don't know if anyone will have trouble on this point but
someone might:

I don't see where any specific SPI length is required in the Proposal
Payload of the Phase I ISAKMP negotiation.  It is prescribed that its value
should be zero, in the ISAKMP draft ver-08, "2.4 Identifying Security
Associations".

This suggests to me that everyone is obliged to accept any SPI length in a
Phase I Proposal payload; it is even arguable a SPI length of zero is
acceptable here.  Or an odd number, like 1, but that would be really weird.

I know that in specification of the Notify and Delete payloads it is
prescribed that the SPI is the cookie pair; but I would say nothing says
this applies to the Proposal case.

If everyone is producing size 16 now then it would be reasonable for
everyone to agree it should be so, and for that clarification to appear in
a later draft.

Our implementation is going to send SPI length 16 in these Proposals, but
will accept all lengths.

- John Burke
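
The "accept all lengths" behaviour described in the message above, as an added example that is not part of the original post or of any implementation it mentions. It assumes the Proposal payload layout of RFC 2408 section 3.5 (8 fixed bytes, then SPI Size bytes of SPI); the struct, function and sample names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PROP_FIXED_LEN 8  /* next, reserved, length(2), prop#, proto-id, SPI size, #transforms */

struct proposal {                 /* hypothetical type for this example */
    uint8_t proposal_no, protocol_id, spi_size, n_transforms;
    const uint8_t *spi;           /* NULL when spi_size == 0 */
    size_t transforms_len;        /* bytes left in the payload after the SPI */
};

/* Parse one Proposal payload. Returns 0 on success, -1 if malformed.
 * Any SPI size (0, odd, 16, ...) is accepted if it fits in the payload. */
int parse_proposal(const uint8_t *buf, size_t avail, struct proposal *out)
{
    if (avail < PROP_FIXED_LEN) return -1;
    size_t plen = ((size_t)buf[2] << 8) | buf[3];            /* network byte order */
    if (plen < PROP_FIXED_LEN || plen > avail) return -1;
    if ((size_t)buf[6] > plen - PROP_FIXED_LEN) return -1;   /* SPI overruns payload */
    out->proposal_no = buf[4];
    out->protocol_id = buf[5];
    out->spi_size = buf[6];
    out->n_transforms = buf[7];
    out->spi = buf[6] ? buf + PROP_FIXED_LEN : NULL;
    out->transforms_len = plen - PROP_FIXED_LEN - buf[6];
    return 0;
}

/* Convenience wrapper: accepted SPI length, or -1 if the payload is rejected. */
int accepted_spi_len(const uint8_t *buf, size_t avail)
{
    struct proposal p;
    return parse_proposal(buf, avail, &p) == 0 ? (int)p.spi_size : -1;
}

/* Constructed samples: proposal 1, protocol-id 1, transform bytes omitted. */
const uint8_t SPI_ZERO[]    = {0, 0, 0, 8,  1, 1, 0,  1};
const uint8_t SPI_ODD[]     = {0, 0, 0, 9,  1, 1, 1,  1, 0xAA};
const uint8_t SPI_OVERRUN[] = {0, 0, 0, 12, 1, 1, 16, 1, 1, 2, 3, 4};

int main(void)
{
    printf("zero:    %d\n", accepted_spi_len(SPI_ZERO, sizeof SPI_ZERO));
    printf("odd:     %d\n", accepted_spi_len(SPI_ODD, sizeof SPI_ODD));
    printf("overrun: %d\n", accepted_spi_len(SPI_OVERRUN, sizeof SPI_OVERRUN));
    return 0;
}
```

The only length the parser refuses is one that does not fit inside the declared payload length, which is the check a receiver needs before touching the SPI bytes.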


