
RE: Deafening Silence



We are implementing ISAKMP/OAKLEY as well. But I do have some problems in
finding some "magic numbers". For example, when negotiating an ISAKMP SA,
you need to specify EHA; where are the numbers for E, H and A defined?
For E, how should we pad the data?

Also, when computing signature or hash for authentication, what kind of
data encoding is used? I mean, if nonce is an input to hash, do you include
only the nonce value or the entire ISAKMP nonce payload or ...?

Are such details specified anywhere?

Thank you.

Regards, Pau-Chen


> From: "John T O'Hara" <johara@ftp.com>
> Subject: RE: Deafening Silence
> Date: Thu, 10 Oct 1996 13:45:36 -0400
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> 
> Oliver,
> 
> >I would be curious to know who is implementing ISAKMP/Oakley
> >at this point (who could interoperate in Jan/97)?
> 
> We, FTP Software, will certainly be aiming for it. Comments from others welcome here.
> 
> I think that the ISAKMP/OAKLEY draft was a first cut and that it's not enough for developers to implement from. The reason I suggested that we start discussing the draft was to elicit comments from the community, and perhaps to have either the original authors of the draft or an interested third party volunteer to edit the draft for ISAKMP/OAKLEY testathon use.
> 
> Without a more complete implementation draft I would venture to say that a testathon would not be as productive. I would recommend that discussions of the draft stay on this list for a while due to the wider audience.
> 
> John O'Hara
> 
> >I know about CISCO which implemented an EXTREMELY cut down
> >ISAKMP/Oakley version which does not support the general framework
> >very well. Using the name draft-ietf-ipsec-isakmp-oakley is kind of
> >misleading, I think. I agree with an earlier posting, that the
> >required ISAKMP/Oakley part has to be smaller than the whole
> >framework. But I think there are ways to restrict ISAKMP/Oakley
> >without unnecessarily complicating the not required case.
> 
> >The DOD implemented ISAKMP (Did they also do Oakley?).
> 
> >I implemented a key exchange framework which should handle the
> >complete ISAKMP/Oakley framework. At this point, however, my
> >implementation is still too unstable to be released to the general
> >public and incomplete in a sense that not all features are implemented
> >at this point.
> 
> >I also think that the drafts are not concrete enough so that 2
> >implementers would come up with interoperable implementations.
> >(I mean the ISAKMP and Oakley drafts not the
> >draft-ietf-ipsec-isakmp-oakley.)
> >I am working on a more detailed list of comments. I already mentioned
> >some of the bugs on this or the isakmp oakley mailing list and a fix
> >was promised for the next draft.
> 
> >Which drafts are considered as standards? I hope the ISAKMP and the
> >Oakley draft NOT the draft-ietf-ipsec-isakmp-oakley.
> 
> 
> >Oliver
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.9
> 
> -----END PGP SIGNATURE-----
> 
> 
>