
S/WAN ISAKMP/Oakley testing...



I'd like to talk about some of the 'magic' identifiers in ISAKMP.  I'm 
talking about the values that aren't defined in v5 of the draft.


- What transform ids are used for the ISAKMP proposal?
- What ids are used for the ISAKMP proposal attributes "Group 
Identifier", "Encryption Alg", "Hash Alg", and "Auth Alg"?
- What is the format of a SA proposal TLV? Are the type and length 16 
bits each? Or are they 8 bits each?
- What is the ESP Proposal attribute "Cryptographic Synch" used for 
and when?
- How do we transform an 8-byte ISAKMP SPI to a 4-byte ESP/AH SPI?
- The v5 ISAKMP draft states that the "Payload Length" in the SA 
payload is "in 4-octet units", but this is incorrect and should be in 
1-octet units.
- For the Certificate Payload, there aren't any identifiers for the 
Certificate Type and there is only one identifier for the Certificate 
Authority.
- What ISAKMP exchange identifiers are used for the Oakley exchange 
modes?
- What is the Notify message error "CONNECTED" used for?
- What is the Notification Data?  Its contents are not defined in the 
Internet DOI.


Thanks.




