[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: question on SPI

To: "'mahdavi'" <mahdavi@sepahan.iut.ac.ir>, Pars MUTAF <pars.mutaf@inrialpes.fr>
Subject: RE: question on SPI
From: "Mason, David" <David_Mason@nai.com>
Date: Wed, 29 Aug 2001 07:27:04 -0700
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

It was suggested a while back that the lower SPIs be reserved for manual
SAs.  I don't believe this is in the RFCs anywhere, but I would suggest not
using small SPIs for IKE generated IPsec SAs.  The RFCs do state that you
should not use 0-255.

-dave

-----Original Message-----
From: mahdavi [mailto:mahdavi@sepahan.iut.ac.ir]
Sent: Wednesday, August 29, 2001 3:20 AM
To: Pars MUTAF
Cc: ipsec@lists.tislabs.com
Subject: Re: question on SPI


you can generate it every way you want . but random is better. just behalf
ipsec must agree with it and also it must not be used for another SA.
----- Original Message -----
From: "Pars MUTAF" <pars.mutaf@inrialpes.fr>
Cc: <ipsec@lists.tislabs.com>
Sent: Thursday, August 23, 2001 10:43 PM
Subject: question on SPI


>
> Hi all;
>
> How a host picks the SPIs when establishing SAs?
> (i.e., randomly? consecutively?)
>
> Any limitation, suggestion (or documentation)
> on that?
>
> Help please! Thank you...
>
> Regards,
> pars
>

Prev by Date: Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment
Next by Date: Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment
Prev by thread: Re: question on SPI
Next by thread: Re: question on SPI
Index(es):
- Main
- Thread