SPI and its length in the ISAKMP Proposal
John Burke <jburke@cylink.com> Wed, 10 September 1997 17:58 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id NAA07383 for ipsec-outgoing; Wed, 10 Sep 1997 13:58:27 -0400 (EDT)
Message-Id: <3.0.32.19970910105541.009b08a0@192.43.161.2>
X-Sender: jburke@192.43.161.2
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Wed, 10 Sep 1997 10:55:42 -0700
To: ipsec@tis.com
From: John Burke <jburke@cylink.com>
Subject: SPI and its length in the ISAKMP Proposal
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
A piddly, I don't know if anyone will have trouble on this point but someone might: I don't see where any specific SPI length is required in the Proposal Payload of the Phase I ISAKMP negotiation. It is prescribed that its value should be zero, in the ISAKMP draft ver-08, "2.4 Identifying Security Associations". This suggests to me that everyone is obliged to accept any SPI length in a Phase I Proposal payload; it is even arguable a SPI length of zero is acceptable here. Or an odd number, like 1, but that would be really wierd. I know that in specification of the Notify and Delete payloads it is prescribed that the SPI is the cookie pair; but I would say nothing says this applies to the Proposal case. If everyone is producing size 16 now then it would be reasonable for everyone to agree it should be so, and for that clarification to appear in a later draft. Our implementation is going to send SPI length 16 in these Proposals, but will accept all lengths. - John Burke
- SPI and its length in the ISAKMP Proposal John Burke
- Re: SPI and its length in the ISAKMP Proposal Daniel Harkins