[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

2401bis Issue #71 -- Add definition of reserved SPIs

To: ipsec mailingList <ipsec@lists.tislabs.com>
Subject: 2401bis Issue #71 -- Add definition of reserved SPIs
From: Karen Seo <kseo@bbn.com>
Date: Fri, 12 Sep 2003 20:28:48 -0400
Cc: byfraser@cisco.com, tytso@mit.edu, "Angelos D. Keromytis" <angelos@cs.columbia.edu>, kivinen@ssh.fi, kseo@bbn.com
Sender: owner-ipsec@lists.tislabs.com

Folks,

Here's a description and proposed approach for:

IPsec Issue #:	71

Title:		Add definition of reserved SPIs

Description:
============
The definition of reserved SPIs is in the ESP and AH specs and not in 
2401.  Per private email from Steve Bellovin, it should be added to 
2401bis.


Proposed approach:
==================
Add text (based on text in AH and ESP) along the lines of:

"The set of SPI values in the range 1 through 255 are reserved by the 
Internet Assigned Numbers Authority (IANA) for future use.  A 
reserved SPI value will not normally be assigned by IANA unless the 
use of the assigned SPI value is specified in an RFC. The SPI value 
of zero (0) is reserved for local implementation-specific use and 
MUST NOT be sent on the wire.  For example, a key management 
implementation MAY use the zero SPI value to mean "No Security 
Association Exists" during the period when the IPsec implementation 
has requested that its key management entity establish a new SA, but 
the SA has not yet been established."


Thank you,
Karen

Prev by Date: 2401bis Issue #68 -- VPNs with overlapping IP address ranges
Next by Date: 2401bis Issue #70 -- Add diffserv (IPv4) and class (IPv6) asselectors
Prev by thread: Re:2401bis Issue #68 -- VPNs with overlapping IP address ranges
Next by thread: 2401bis Issue #70 -- Add diffserv (IPv4) and class (IPv6) asselectors
Index(es):
- Date
- Thread