
ISAKMP Notify and Delete payloads and Protocol-Id



In the isakmp-06 draft, the Notify and Delete payloads both contain
a Protocol-Id field, so that the SPI(s) contained in those payloads
can be associated with the proper protocol SA(s) in question.

However, Protocol-Id values (other than value 1, which is always used
for the ISAKMP protocol itself) are defined in the DOI document, and
there is no field in the Notify and Delete payloads which specifies which
DOI is being used.  (The only place the DOI is specified is in the
Security Association payload.)

I suppose that, as long as any new Protocol-Id values for any
yet-to-be-defined DOIs do not conflict with those already assigned for
IPSEC AH and IPSEC ESP, then this isn't a problem.  But, if there is
a possibility of conflict, then there will have to be some way to
associate the Protocol-Id with the proper DOI.  Adding a DOI field
to the Notify and Delete payloads might be one way to do this, if it's
needed.

So, I guess what I'm wondering is: Is there a possibility of conflicting
Protocol-Ids between different DOIs?  And, if so, what should be done
about it for the Notify and Delete payloads?  If, on the other hand,
there will be no conflicts - if all future Protocol-Ids will be unique,
regardless of DOI - then this should be stated somewhere.

-shawn
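The ambiguity raised in the post, shown as an added Python example that is not part of the original message or of any ISAKMP implementation. It encodes and decodes a Delete payload in two layouts: one that carries its own 4-octet DOI field just before Protocol-Id (the layout RFC 2408 eventually adopted), and one with no DOI field, assumed here to be identical except for that field, so that the DOI has to be supplied from the Security Association payload. The IPsec DOI values (DOI 1; Protocol-Ids 1 = ISAKMP, 2 = AH, 3 = ESP, 4 = IPCOMP) are from RFC 2407; DOI value 99 and its Protocol-Id table are a constructed, hypothetical DOI that re-uses value 2, to make the conflict visible.

```python
import struct

PROTO_ISAKMP = 1  # value 1 is always ISAKMP itself, independent of DOI

DOI_IPSEC = 1           # IPsec DOI (RFC 2407)
DOI_HYPOTHETICAL = 99   # constructed DOI for illustration only

# Protocol-Id tables keyed by DOI.  The hypothetical DOI deliberately
# assigns value 2 to a different protocol than the IPsec DOI does.
PROTOCOL_IDS = {
    DOI_IPSEC: {1: "ISAKMP", 2: "IPSEC_AH", 3: "IPSEC_ESP", 4: "IPCOMP"},
    DOI_HYPOTHETICAL: {1: "ISAKMP", 2: "EXAMPLE_PROTO"},
}


def resolve_protocol(doi, proto_id):
    """Map (DOI, Protocol-Id) to a name.  Protocol-Id 1 needs no DOI."""
    if proto_id == PROTO_ISAKMP:
        return "ISAKMP"
    table = PROTOCOL_IDS.get(doi)
    if table is None or proto_id not in table:
        raise ValueError(f"unknown Protocol-Id {proto_id} for DOI {doi}")
    return table[proto_id]


def _check_spis(spis):
    """All SPIs in one payload must share one SPI Size; return that size."""
    if not spis:
        raise ValueError("at least one SPI required")
    spi_size = len(spis[0])
    if any(len(s) != spi_size for s in spis):
        raise ValueError("all SPIs must have the same size")
    return spi_size


def build_delete_payload(doi, proto_id, spis, next_payload=0):
    """Delete payload with a DOI field:
    Next Payload(1) RESERVED(1) Length(2) DOI(4) Protocol-Id(1)
    SPI Size(1) # of SPIs(2) SPI(s)."""
    spi_size = _check_spis(spis)
    body = struct.pack("!IBBH", doi, proto_id, spi_size, len(spis)) + b"".join(spis)
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body


def parse_delete_payload(data):
    """Decode the layout above; the DOI needed to read Protocol-Id is inline."""
    if len(data) < 12:
        raise ValueError("truncated Delete payload header")
    _np, reserved, length, doi, proto_id, spi_size, num_spis = struct.unpack(
        "!BBHIBBH", data[:12])
    if reserved != 0:
        raise ValueError("RESERVED must be zero")
    if length != len(data) or length != 12 + spi_size * num_spis:
        raise ValueError("Payload Length does not match SPI Size / # of SPIs")
    spis = [data[12 + i * spi_size:12 + (i + 1) * spi_size] for i in range(num_spis)]
    return {"doi": doi, "proto_id": proto_id, "spis": spis,
            "protocol": resolve_protocol(doi, proto_id)}


def build_delete_payload_no_doi(proto_id, spis, next_payload=0):
    """Assumed draft-06-style layout: same as above with the DOI field omitted."""
    spi_size = _check_spis(spis)
    body = struct.pack("!BBH", proto_id, spi_size, len(spis)) + b"".join(spis)
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body


def parse_delete_payload_no_doi(data, sa_doi):
    """Decode the no-DOI layout.  The receiver must bring the DOI from the
    Security Association payload (sa_doi); the same bytes resolve to
    different protocols under different DOIs."""
    if len(data) < 8:
        raise ValueError("truncated Delete payload header")
    _np, reserved, length, proto_id, spi_size, num_spis = struct.unpack(
        "!BBHBBH", data[:8])
    if reserved != 0:
        raise ValueError("RESERVED must be zero")
    if length != len(data) or length != 8 + spi_size * num_spis:
        raise ValueError("Payload Length does not match SPI Size / # of SPIs")
    spis = [data[8 + i * spi_size:8 + (i + 1) * spi_size] for i in range(num_spis)]
    return {"doi": sa_doi, "proto_id": proto_id, "spis": spis,
            "protocol": resolve_protocol(sa_doi, proto_id)}


if __name__ == "__main__":
    spi = b"\x00\x00\x10\x01"  # constructed 4-octet SPI
    with_doi = build_delete_payload(DOI_IPSEC, 3, [spi])
    print(parse_delete_payload(with_doi)["protocol"])              # IPSEC_ESP
    without = build_delete_payload_no_doi(2, [spi])
    print(parse_delete_payload_no_doi(without, DOI_IPSEC)["protocol"])        # IPSEC_AH
    print(parse_delete_payload_no_doi(without, DOI_HYPOTHETICAL)["protocol"])  # EXAMPLE_PROTO
```

The last two lines of the demonstration are the point of the post: with no DOI field, an identical Delete payload means "delete an AH SA" under one DOI and something else under another, and the only way the receiver can tell is by remembering the DOI negotiated in the SA payload. With the DOI carried in the payload, `parse_delete_payload` needs no such context.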