
Re: S/WAN ISAKMP/Oakley testing...



Roy,
> 
> I'd like to talk about some of the 'magic' identifiers in ISAKMP.  I'm 
> talking about the values that aren't defined in v5 of the draft.
> 
> 
> - What transform ids are used for the ISAKMP proposal?
> - What ids are used for the ISAKMP proposal attributes "Group 
> Identifier", "Encryption Alg", "Hash Alg", and "Auth Alg" ?
> - What is the format of a SA proposal TLV ? Is the type and length 16 
> bits each ? Or are they 8 bits each ?
> - What is the ESP Proposal attribute "Cryptographic Synch" used for 
> and when?
> - How do we transform an 8-byte ISAKMP SPI to a 4-byte ESP/AH SPI ?
> - The v5 ISAKMP draft states that the "Payload Length" in the SA 
> payload is "in 4-octet units", but this is incorrect and should be in 
> 1-octet units.
> - For the Certificate Payload, there aren't any identifiers for the 
> Certificate Type and there is only one identifier for the Certificate 
> Authority.
> - What ISAKMP exchange identifiers are used for the Oakley exchange 
> modes?
> - What is the Notify message error "CONNECTED" used for?
> - What is the Notification Data?  Its contents are not defined in the 
> Internet DOI.
> 
As mentioned in an e-mail by Dan Harkins yesterday, there will be new
drafts for ISAKMP, ISAKMP-Oakley Resolution, and the IP Security DOI
early next week (i.e. Tues or Wed.). I think they will answer most, if
not all, of the above "attribute" questions.

Doug Maughan