
KEI visa XCHG (ISAKMP & OAKLEY)





I am just implementing the ISAKMP header and realized that the xchg
field has only 4 bits. This seems too small. The Oakley modes have to be
handled as different exchange types, as already mentioned by Mark.

However, counting the 4 reserved exchange types and the 4 Oakley
exchange types, there are only 8 other exchange types left. Considering
that we are currently designing a multicast key exchange protocol
using the ISAKMP framework, I would strongly recommend using 16 bits in
the xchg field of the header.

Realizing this problem, I was thinking about the Oakley KEI, and
I don't think Oakley needs its own KEI. Oakley main mode uses regular
DH key exchange or RSA encryption, and the other Oakley modes don't use
the key exchange payload at all.

Therefore, a general KEI for DH, a KEI for RSA encryption, and a KEI for no key
exchange payload should be added.

The ISAKMP draft mentions Oakley multiple times as a key exchange
technique identified by a KEI. This is not true: Oakley is a full-size
exchange using sa, nonce, id, key exchange, signature and hash
payloads. The combination of selected attributes and the Oakley mode
used defines the contents and presence of the hash, id, nonce and
signature payloads. There is no such thing as ONE Oakley KEI.

I forgot to mention in my last email that I am only implementing the
Oakley exchanges at this point. I am establishing the Phase 1 ISAKMP
SA using Oakley as I am using Oakley to establish the IPSEC SA.

It would be easy for me to add the ISAKMP exchanges or the CISCO exchange.
However, they are all less flexible than Oakley.

Oliver

-----

Grad student and research assistant in computer science at the University of Arizona, Tucson, USA
For my PGP public key please check my homepage URL: http://www.cs.arizona.edu/people/spatsch
