[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Manual SA SPI range

To: Brian Swander <briansw@Exchange.Microsoft.com>
Subject: Re: Manual SA SPI range
From: Henry Spencer <henry@spsystems.net>
Date: Mon, 15 Jan 2001 23:32:44 -0500 (EST)
cc: ipsec@lists.tislabs.com
In-Reply-To: <5B90AD65A9E8934987DB0C8C07626574038DD0BC@DF-BOWWOW.platinum.corp.microsoft.com>
Sender: owner-ipsec@lists.tislabs.com

On Mon, 15 Jan 2001, Brian Swander wrote:
> Does anyone know if there is a hard specification in any of the RFCs
> that nails down ranges for manual SA SPIs?

There isn't.  SPIs below 256 are reserved for special purposes (only one
of them is currently assigned:  0 is reserved for system internal use and
may never appear in a packet), but there is no explicit assignment for
manual keying. 

The Linux FreeS/WAN project has decided to reserve all three-digit hex
numbers, i.e. 0x100 through 0xfff, for manual keying (one-digit and
two-digit hex numbers being the special-purposes area), and its automatic
keying will never generate those.  At the moment, I don't know of anybody
else who has copied this. 

                                                          Henry Spencer
                                                       henry@spsystems.net

Follow-Ups:

Re: Manual SA SPI range

From: ford@incog.com (Mike Ditto)

References:

Manual SA SPI range

From: "Brian Swander" <briansw@Exchange.Microsoft.com>

Prev by Date: Re: Protection of port 500
Next by Date: Re: Protection of port 500
Prev by thread: Re: Manual SA SPI range
Next by thread: Re: Manual SA SPI range
Index(es):
- Main
- Thread