[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Manual SA SPI range
Lucent (Springtide) has reserved the SPI range from 256-4096 (non-inclusive
for no reasons) SPI value for manual SA's. Our SPI rekeying algorithm will
never generate SPI within that range.
Abbas Bagasra
-----Original Message-----
From: Henry Spencer [mailto:henry@spsystems.net]
Sent: Monday, January 15, 2001 11:33 PM
To: Brian Swander
Cc: ipsec@lists.tislabs.com
Subject: Re: Manual SA SPI range
On Mon, 15 Jan 2001, Brian Swander wrote:
> Does anyone know if there is a hard specification in any of the RFCs
> that nails down ranges for manual SA SPIs?
There isn't. SPIs below 256 are reserved for special purposes (only one
of them is currently assigned: 0 is reserved for system internal use and
may never appear in a packet), but there is no explicit assignment for
manual keying.
The Linux FreeS/WAN project has decided to reserve all three-digit hex
numbers, i.e. 0x100 through 0xfff, for manual keying (one-digit and
two-digit hex numbers being the special-purposes area), and its automatic
keying will never generate those. At the moment, I don't know of anybody
else who has copied this.
Henry Spencer
henry@spsystems.net