
Re: ISAKMP DELETE payload



[co-chair hat off]

It seems to me that the ISAKMP base document needs to explicitly state that
the DELETE payload MUST be ignored upon receipt unless it is properly
authenticated.

If we were to have the ISAKMP document specify how to compute the HASH or SIG,
then that would apply to all uses of ISAKMP (including those that might not be
using Oakley or IPsec).  It's not clear to me whether we want to do that or
whether it would be better to let the mechanism for the DELETE payload
authentication be specified on a per-DOI or per-SessionExchange basis.

Ran
rja@cisco.com


