[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ISAKMP DELETE payload



Pau-Chen,

> Yes, you are right. Does the draft also define a standard way
> to authenticate the payload, like a keyed-hash or signature
> should be computed over certain parts of the msg (or payload) ?

No. That is really dependent on the mechanisms negotiated. These
mechanisms will differ in most DOIs. So, in our case, the IPSEC DOI
document defines the mechanisms negotiable for IPSEC and the
ISAKMP/Oakley document defines how the hashes and/or signatures are
computed for ISAKMP exchanges.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* Douglas Maughan                Voice:  (301) 688-0847           *
* Technical Director, R23        Fax:    (301) 688-0255           *
* National Security Agency       E-mail: wdmaugh@tycho.ncsc.mil   *
* 9800 Savage Road                       maughan@cs.umbc.edu      *
* Fort Meade, MD. 20755-6000                                      *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *