Re: S/WAN ISAKMP/Oakley testing...
Roy,
>
> I'd like to talk about some of the 'magic' identifiers in ISAKMP. I'm
> talking about the values that aren't defined in v5 of the draft.
>
>
> - What transform ids are used for the ISAKMP proposal?
> - What ids are used for the ISAKMP proposal attributes "Group
> Identifier", "Encryption Alg", "Hash Alg", and "Auth Alg" ?
> - What is the format of a SA proposal TLV ? Is the type and length 16
> bits each ? Or are they 8 bits each ?
> - What is the ESP Proposal attribute "Cryptographic Synch" used for
> and when?
> - How do we transform an 8-byte ISAKMP SPI to a 4-byte ESP/AH SPI ?
> - The v5 ISAKMP draft states that the "Payload Length" in the SA
> payload is "in 4-octet units", but this is incorrect and should be in
> 1-octet units.
> - For the Certificate Payload, there aren't any identifiers for the
> Certificate Type and there is only one identifier for the Certificate
> Authority.
> - What ISAKMP exchange identifiers are used for the Oakley exchange
> modes?
> - What is the Notify message error "CONNECTED" used for?
> - What is the Notification Data? Its contents are not defined in the
> Internet DOI.
>
As mentioned in an e-mail by Dan Harkins yesterday, there will be new
drafts for ISAKMP, ISAKMP-Oakley Resolution, and the IP Security DOI
early next week (i.e. Tues or Wed.). I think they will answer most, if
not all, of the above "attribute" questions.
Doug Maughan