
RE: Manual SA SPI range



Lucent (Springtide) has reserved the SPI range from 256-4096 (non-inclusive,
for no reason) for manual SAs. Our SPI rekeying algorithm will
never generate an SPI within that range.

Abbas Bagasra


-----Original Message-----
From: Henry Spencer [mailto:henry@spsystems.net]
Sent: Monday, January 15, 2001 11:33 PM
To: Brian Swander
Cc: ipsec@lists.tislabs.com
Subject: Re: Manual SA SPI range


On Mon, 15 Jan 2001, Brian Swander wrote:
 > Does anyone know if there is a hard specification in any of the RFCs
 > that nails down ranges for manual SA SPIs?

There isn't.  SPIs below 256 are reserved for special purposes (only one
of them is currently assigned:  0 is reserved for system internal use and
may never appear in a packet), but there is no explicit assignment for
manual keying. 

The Linux FreeS/WAN project has decided to reserve all three-digit hex
numbers, i.e. 0x100 through 0xfff, for manual keying (one-digit and
two-digit hex numbers being the special-purposes area), and its automatic
keying will never generate those.  At the moment, I don't know of anybody
else who has copied this. 

                                                           Henry Spencer
                                                        henry@spsystems.net
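
The convention discussed in this thread, as an added example that is not part of the original messages and is not FreeS/WAN or Lucent code: an automatic-keying SPI allocator that rejects the special-purpose range (below 0x100), the manual-keying range (0x100 through 0xfff) and any SPI already in use. The function names, the random-source hook and the candidate values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Ranges as described in the thread (FreeS/WAN convention, not an RFC rule). */
#define SPI_SPECIAL_MAX 0x0ffu  /* 0x00-0xff: special purposes; 0 never appears in a packet */
#define SPI_MANUAL_MIN  0x100u  /* 0x100-0xfff: manual keying only */
#define SPI_MANUAL_MAX  0xfffu

typedef enum { SPI_SPECIAL, SPI_MANUAL, SPI_AUTO } spi_class;
typedef uint32_t (*rand32_fn)(void *ctx);   /* hypothetical random-source hook */

spi_class spi_classify(uint32_t spi) {
    if (spi <= SPI_SPECIAL_MAX) return SPI_SPECIAL;
    if (spi <= SPI_MANUAL_MAX)  return SPI_MANUAL;
    return SPI_AUTO;
}

/* Pick an SPI for a negotiated SA: skip reserved ranges and SPIs already
 * in the SA database. Returns 0 (never a valid SPI) if no candidate fits. */
uint32_t spi_alloc_auto(const uint32_t *in_use, size_t n,
                        rand32_fn rnd, void *ctx, int max_tries) {
    for (int t = 0; t < max_tries; t++) {
        uint32_t c = rnd(ctx);
        size_t i = 0;
        if (spi_classify(c) != SPI_AUTO) continue;
        while (i < n && in_use[i] != c) i++;
        if (i == n) return c;           /* not reserved, not in use */
    }
    return 0;
}

/* Constructed candidate stream so the rejection path is visible; a real
 * allocator would draw from the system CSPRNG instead. */
typedef struct { const uint32_t *vals; size_t len, pos; } scripted;
uint32_t scripted_rand(void *ctx) {
    scripted *s = ctx;
    return s->pos < s->len ? s->vals[s->pos++] : 0;
}

int main(void) {
    static const uint32_t cands[] = { 0x0, 0x2a, 0x100, 0xfff, 0x1000, 0xc0ffee01 };
    static const uint32_t sad[] = { 0x1000 };     /* SPI already in use */
    scripted s = { cands, 6, 0 };
    uint32_t spi = spi_alloc_auto(sad, 1, scripted_rand, &s, 16);
    printf("allocated 0x%08x\n", (unsigned)spi);  /* 0xc0ffee01 */
    return 0;
}
```

An importer of manually keyed SAs can use `spi_classify` the other way round and refuse any configured SPI that is not `SPI_MANUAL`, so the two keying methods never collide.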