More inadequacies in draft-ietf-ipsec-ipsec-doi-03.txt...

Ben Rogers <ben@Ascend.COM> Tue, 09 September 1997 11:18 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id HAA25804 for ipsec-outgoing; Tue, 9 Sep 1997 07:18:08 -0400 (EDT)
Date: Mon, 08 Sep 1997 23:14:16 -0400
Message-Id: <199709090314.XAA04865@carp.morningstar.com>
From: Ben Rogers <ben@Ascend.COM>
To: ipsec@tis.com
Subject: More inadequacies in draft-ietf-ipsec-ipsec-doi-03.txt...
Reply-To: ben@Ascend.COM
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

>From draft-ietf-ipsec-isakmp-08.txt:

    2.1 ISAKMP Terminology

    ...

    Security Parameter Index (SPI) An identifier for a Security Assocation,
    relative to some security protocol.  Each security protocol has its own
    ``SPI-space''.  A (security protocol, SPI) pair may uniquely identify an
    SA. The uniqueness of the SPI is implementation dependent, but could be
    based per system, per protocol, or other options.  Depending on the DOI,
    additional information (e.g.  host address) may be necessary to identify
    an SA. The DOI will also determine which SPIs (i.e.  initiator's or re-
    sponder's) are sent during communication.

Curiously the DOI does not define this.

Has anyone been able to produce interoperable code without using the
reference implementation?


ben