Security Parameters Index: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 13:23, 25 September 2008 edit Tinucherian (talk \| contribs) Extended confirmed users 54,330 edits General fixes and clean up using AWB ← Previous edit		Latest revision as of 09:01, 8 July 2025 edit undo Anohthterwikipedian (talk \| contribs) Extended confirmed users 999 edits m Anohthterwikipedian moved page Security Parameter Index to Security Parameters Index: Requested by Datalouie at WP:RM/TR: The RFCs (at least the modern / non-obsolete ones) consistently write out SPI as "Security Parameters Index", note the plural Parameters. The Wikipedia IPSec article also does so, except when referring to this SPI article specifically.
(18 intermediate revisions by 16 users not shown)
Line 1: {{Multiple issues\| The '''Security Parameter Index''' (SPI) is an identification tag added to the header while using [[IPSec]] for tunneling the IP traffic. This tag helps the kernel discern between two traffic streams where different encryption rules and algorithms may be in use.▼ {{More citations needed\|date=January 2017}} {{Notability\|date=February 2015}} }} ▲The '''Security Parameter Index''' (SPI) is an identification tag added to the header while using [[~~IPSec~~IPsec]] for tunneling the IP traffic. This tag helps the kernel discern between two traffic streams where different encryption rules and algorithms may be in use. The SPI (as per RFC 2401) is an essential part of an [[IPSec]] SA ([[Security Association]]) because it enables the receiving system to select the SA under which a received packet will be processed. An SPI has only local significance, since is defined by the creator of the SA; an SPI is generally viewed as an opaque bit string. However, the creator of an SA may interpret the bits in an SPI to facilitate local processing.▼ ▲The SPI (as per RFC ~~2401~~4301) is ana ~~essential~~required part of an ~~[[IPSec]]~~IPsec ~~SA (~~[[Security Association]] (SA) because it enables the receiving system to select the SA under which a received packet will be processed.{{Ref RFC\|4301}} An SPI has only local significance, since it is defined by the creator of the SA; an SPI is generally viewed as an opaque bit string. However, the creator of an SA may interpret the bits in an SPI to facilitate local processing. This works like Port numbers in TCP and UDP connections. What it means is that there could be different SAs used to provide security to one connection. An SA could therefore act as a set of rules.▼ ▲This works like ~~Port~~port numbers in TCP and UDP connections. What it means is that there could be different SAs used to provide security to one connection. An SA could therefore act as a set of rules. Carried in [[IPsec#Encapsulating Security Payload\|Encapsulating Security Payload (ESP)]] header or [[IPsec#Authentication Header\|Authentication Header (AH)]], its length is 32 bits.<ref>{{Cite journal\|url=https://tools.ietf.org/html/rfc4303#section-2.1\|title = IP Encapsulating Security Payload (ESP)\|date = December 2005\|last1 = Kent\|first1 = Stephen\| doi=10.17487/RFC4303 \|url-access = subscription}}</ref> ==References== {{Reflist}} [[Category:IPsec]] [[Category:Internet protocols]] {{~~Compu~~internet-stub}}