[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ISAKMP DELETE payload
Doug, Pau-Chen,
> > Also, I would suggest that ISAKMP doc should state explicitly that a
> > DELETE payload should be sent together with a HASH paylaod, assuming that
> > is the intention of ISAKMP.
>
> Does this belong in the ISAKMP doc or in the ISAKMP/Oakley doc? The
> ISAKMP/Oakley doc outlines which of the ISAKMP exchanges it uses and
> then adds the additional ones. Should they also specify how to use
> Informational Exchanges within the context of an IPSEC DOI using Oakley
> or should this be done in the ISAKMP doc? If I specify it in the ISAKMP
> doc then any DOI/Key Exchange would have to use it in the way
> specified. The splitting of the details from the ISAKMP doc to the
> other docs was to eliminate this. Would appreciate any other opinions
> on this issue?
I think it belongs in the ISAKMP/Oakley doc. SKEYID_a is used to protect
the integrity of exchanges (e.g. Quick Mode) and it should be used to
protect this one.
Any other comments?
Dan.
Follow-Ups:
References: