[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Three fields: cookie, nonce, and SPI

To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Subject: Re: Three fields: cookie, nonce, and SPI
From: Derrell Piper <ddp@electric-loft.org>
Date: Mon, 2 Dec 2002 15:46:03 -0800
Cc: ipsec@lists.tislabs.com
In-Reply-To: <200212021850.gB2IoJsB005542@sandelman.ottawa.on.ca>
Sender: owner-ipsec@lists.tislabs.com

On Monday, December 2, 2002, at 10:50 AM, Michael Richardson wrote:

>   Would it be reasonable to keep the same SPI# as a *persistent* 
> connection
> identifier? i.e. that remains the same across rekeys?
>   it also makes is much more clear what one is deleting.

I like this suggestion a lot!  It would be a big help to REQUIRE this 
across rekeys.

I also agree with Radia's assessment that it would be good to have 
individual fields as you're very likely to want to derive SPI's using a 
different mechanism than you'd use to generate the anti-clogging tokens 
(cookies).

Derrell

References:
- Re: Three fields: cookie, nonce, and SPI
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: Re: Handling of IPcomp in IKEv2
Next by Date: Re: IKEv2 use of HMAC-SHA-1 for Key Derivation
Prev by thread: Re: Three fields: cookie, nonce, and SPI
Next by thread: IKEv2 transport concerns
Index(es):
- Date
- Thread