At 11:06 AM +0200 2/2/10, Yaron Sheffer wrote:
>Here's a concrete rewording proposal.
>
>Old:
>
>The term "cookies" originates with Karn and Simpson [PHOTURIS] in Photuris, an
>early proposal for key management with IPsec, and it has persisted. The
>Internet Security Association and Key Management Protocol (ISAKMP) [ISAKMP]
>fixed message header includes two eight-octet fields titled "cookies", and
>that syntax is used by both IKEv1 and IKEv2, although in IKEv2 they are
>referred to as the "IKE SPI" and there is a new separate field in a Notify
>payload holding the cookie. The initial two eight-octet fields in the header
>are used as a connection identifier at the beginning of IKE packets. Each
>endpoint chooses one of the two SPIs and MUST choose them so as to be unique
>identifiers of an IKE SA. An SPI value of zero is special and indicates that
>the remote SPI value is not yet known by the sender.
>
>New:
>
>The initial two eight-octet fields in the header, termed "IKE SPIs", are used
>as a connection identifier at the beginning of IKE packets. Each endpoint
>chooses one of the two SPIs and MUST choose them so as to be unique
>identifiers of an IKE SA. An SPI value of zero is special and indicates that
>the remote SPI value is not yet known by the sender.
>
>[Add as the last paragraph of 2.6:]
>
>A note on terminology: the term "cookies" originates with Karn and Simpson
>[PHOTURIS] in Photuris, an early proposal for key management with IPsec, and
>it has persisted. The Internet Security Association and Key Management
>Protocol (ISAKMP) [ISAKMP] fixed message header includes two eight-octet
>fields titled "cookies", and that syntax is used by both IKEv1 and IKEv2,
>although in IKEv2 they are referred to as the "IKE SPI" and there is a new
>separate field in a Notify payload holding the cookie.

I support this change.

--Paul Hoffman, Director
--VPN Consortium
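
Added illustration, not part of either message or of the draft text: a Python sketch of how a receiver reads the two eight-octet IKE SPIs from the start of a packet and treats a zero responder SPI as "not yet known by the sender". The 28-octet header layout and the rule that the initiator SPI is never zero come from the IKEv2 specification; the function names, the `sa_table` mapping and the sample SPI values are constructed, and the packet is assumed to begin at the IKE header.

```python
import struct

# Fixed IKE header (28 octets): initiator SPI, responder SPI, next payload,
# version, exchange type, flags, message ID, total length.
IKE_HDR = struct.Struct("!8s8sBBBBII")
ZERO_SPI = bytes(8)  # "the remote SPI value is not yet known by the sender"

def make_header(spi_i, spi_r, exchange_type, message_id):
    """Build a constructed, payload-less IKEv2 header for the demo."""
    return IKE_HDR.pack(spi_i, spi_r, 0, 0x20, exchange_type, 0x08,
                        message_id, IKE_HDR.size)

def parse_ike_spis(packet):
    """Return (initiator_spi, responder_spi) from the start of an IKE packet."""
    if len(packet) < IKE_HDR.size:
        raise ValueError("shorter than the fixed IKE header")
    spi_i, spi_r = IKE_HDR.unpack_from(packet)[:2]
    if spi_i == ZERO_SPI:
        # IKEv2 specification rule, not stated in the thread above.
        raise ValueError("initiator SPI must not be zero")
    return spi_i, spi_r

def classify(packet, sa_table):
    """Decide how a responder treats a packet, using only the SPI pair.

    sa_table is a hypothetical map of (initiator_spi, responder_spi) to state.
    """
    spi_i, spi_r = parse_ike_spis(packet)
    if spi_r == ZERO_SPI:
        # The sender has not learned our SPI yet, so no SA lookup is possible.
        return "responder-spi-unknown"
    if (spi_i, spi_r) in sa_table:
        return "known-sa"
    return "unknown-sa"

if __name__ == "__main__":
    spi_i = bytes.fromhex("a1a2a3a4a5a6a7a8")  # constructed sample values
    spi_r = bytes.fromhex("b1b2b3b4b5b6b7b8")
    table = {(spi_i, spi_r): "established"}
    print(classify(make_header(spi_i, ZERO_SPI, 34, 0), table))  # IKE_SA_INIT
    print(classify(make_header(spi_i, spi_r, 35, 1), table))     # IKE_AUTH
    print(classify(make_header(spi_i, bytes(7) + b"\x01", 35, 1), table))
```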