[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ISAKMP SPI
draft-ietf-ipsec-isakmp-09.txt section 2.4 "Identifying Security
Associations" says:
During phase 1 negotiations, the initiator and responder cookies deter-
mine the ISAKMP SA. Therefore, the SPI field in the Proposal payload is
redundant and MAY be set to 0 or it MAY contain the transmitting entity's
cookie.
This seems like a useless option. Surely things would be simpler if
we just require the SPI field to be 0. Otherwise, each implementation
has to optionally accept this content-free field, and, if diligent,
check it for correctness.
Does this serve any purpose?
Hugh Redelmeier
hugh@mimosa.com voice: +1 416 482-8253