[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ISAKMP SPI

To: ipsec@tis.com
Subject: ISAKMP SPI
From: hugh@mimosa.com ("D. Hugh Redelmeier")
Date: Sat, 28 Mar 1998 16:16:00 -0500
Sender: owner-ipsec@ex.tis.com

draft-ietf-ipsec-isakmp-09.txt section 2.4 "Identifying Security
Associations" says:

  During phase 1 negotiations, the initiator and responder cookies deter-
  mine the ISAKMP SA. Therefore, the SPI field in the Proposal payload is
  redundant and MAY be set to 0 or it MAY contain the transmitting entity's
  cookie.

This seems like a useless option.  Surely things would be simpler if
we just require the SPI field to be 0.  Otherwise, each implementation
has to optionally accept this content-free field, and, if diligent,
check it for correctness.

Does this serve any purpose?

Hugh Redelmeier
hugh@mimosa.com  voice: +1 416 482-8253

Prev by Date: Re: AH Last Call complaint: No source route protection in IPv4!
Next by Date: Re: is manual keying mandatory (fwd)
Prev by thread: Re: AH Last Call complaint: No source route protection in IPv4!
Next by thread: IKE SA Lifetime question
Index(es):
- Main
- Thread