
Re: Comments on ISAKMP/Oakley







On Mon, 12 Aug 1996, Mark S. Schneider wrote:

>
>  We see ISAKMP as a framework that permits negotiation of many security
>  features, including the key exchange mechanism.  The exchange types
>  defined by the ISAKMP/Oakley resolution draft all have a defined key
>  exchange.  In this case the key exchange is not negotiable. To support
>  negotiation of key exchange mechanisms, the three exchange types defined
>  in ISAKMP are *required*.  If they didn't exist, then it would be  
>  impossible to negotiate key exchange mechanisms.
>
>  Actually, upon looking closer at the ISAKMP exchanges and Oakley exchanges,
>  a generalization of the Oakley modes can be made in the ISAKMP draft. Since,
>  as you note below, Oakley Main Mode is equivalent to ISAKMP's ID Protect
>  exchange, then it seems that Oakley Aggressive, Quick, and New Group
>  modes (maybe) can be generalized to ISAKMP Aggressive, Quick, and SA Only
>  exchanges. The proposal could then include Oakley as the key exchange
>  mechanism along with the specific Oakley group that should be used. 
>  Thoughts on this??
>
>

I completely agree. I also think the ISAKMP proposal fits the Oakley
requirements. Actually the way I am implementing ISAKMP/Oakley
currently uses the ISAKMP proposal with the Oakley KEI. 
I made this decision since the payload formats in the current Oakley
draft don't match the current ISAKMP draft (in the hope that my
implementation will be close to the final standard).

Oliver 



