Misplaced Pages

Security Parameter Index

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages)
This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Security Parameter Index" – news · newspapers · books · scholar · JSTOR (January 2017) (Learn how and when to remove this message)
The topic of this article may not meet Misplaced Pages's general notability guideline. Please help to demonstrate the notability of the topic by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond a mere trivial mention. If notability cannot be shown, the article is likely to be merged, redirected, or deleted.
Find sources: "Security Parameter Index" – news · newspapers · books · scholar · JSTOR (February 2015) (Learn how and when to remove this message)
(Learn how and when to remove this message)

The Security Parameter Index (SPI) is an identification tag added to the header while using IPsec for tunneling the IP traffic. This tag helps the kernel discern between two traffic streams where different encryption rules and algorithms may be in use.

The SPI (as per RFC 2401) is a required part of an IPsec Security Association (SA) because it enables the receiving system to select the SA under which a received packet will be processed. An SPI has only local significance, since it is defined by the creator of the SA; an SPI is generally viewed as an opaque bit string. However, the creator of an SA may interpret the bits in an SPI to facilitate local processing.

This works like port numbers in TCP and UDP connections. What it means is that there could be different SAs used to provide security to one connection. An SA could therefore act as a set of rules.

Carried in Encapsulating Security Payload (ESP) header or Authentication Header (AH), its length is 32 bits.

References

  1. Kent, Stephen (December 2005). "IP Encapsulating Security Payload (ESP)". doi:10.17487/RFC4303. {{cite journal}}: Cite journal requires |journal= (help)


Stub icon

This Internet-related article is a stub. You can help Misplaced Pages by expanding it.

Categories: