
Length field and ISAKMP-encrypted size



I have not seen it mentioned in discussion and I believe it is nowhere
mentioned in the drafts, what the state of affairs is if encryption on the
ISAKMP SA causes expansion.

I also believe ISAKMP presently requires the messages can be of unrounded
size, since some payloads are defined of arbitrary length; therefore
necessarily multi-byte encryptions can expand an ISAKMP message.

It seems that necessarily, encryption can expand the size of an ISAKMP
message, but the Message Length field of the ISAKMP header must retain the
original length of the unencrypted message.  Therefore one must accept and
decrypt a received packet of length larger than described by the header
Message Length, up to the rounding required by the encryption method.

Can an authoritative person please confirm this rumor?  If this is not the
desired state of affairs, there needs to be clarification, and, I believe,
updates to the ISAKMP draft?


Best regards,
John Burke
jburke@cylink.com
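
A receiver-side length check for the situation raised in the message above, as an added example that is not part of the original post or of any ISAKMP draft. It assumes the reading the post describes (Message Length holds the unencrypted length, and the encrypted body is padded only up to the next cipher block boundary); `check_datagram`, `build` and the `block_size` argument are hypothetical names.

```python
import struct

ISAKMP_HDR_LEN = 28    # cookies 8+8, next payload, version, exchange type, flags, message ID 4, length 4
FLAG_ENCRYPTED = 0x01  # encryption bit in the flags octet (offset 19)


def round_up(n, block):
    """Smallest multiple of block that is >= n."""
    return -(-n // block) * block


def check_datagram(datagram, block_size):
    """Return how many body bytes are real plaintext once the body is decrypted.

    Raises ValueError when the datagram size does not fit the header.
    """
    if len(datagram) < ISAKMP_HDR_LEN:
        raise ValueError("shorter than an ISAKMP header")
    flags = datagram[19]
    (msg_len,) = struct.unpack_from("!I", datagram, 24)  # Message Length, network order
    if msg_len < ISAKMP_HDR_LEN:
        raise ValueError("Message Length smaller than the header")
    body_len = msg_len - ISAKMP_HDR_LEN
    if flags & FLAG_ENCRYPTED:
        # Assumed reading: the header carries the unencrypted length and the
        # sender pads the body only as far as the next block boundary.
        expected = ISAKMP_HDR_LEN + round_up(body_len, block_size)
    else:
        expected = msg_len
    if len(datagram) != expected:
        # Any other size means truncation or unexplained trailing bytes.
        raise ValueError(f"datagram is {len(datagram)} bytes, expected {expected}")
    return body_len


def build(body_len, wire_body_len, encrypted):
    """Constructed sample datagram: zeroed cookies and body, only flags and length set."""
    hdr = bytearray(ISAKMP_HDR_LEN)
    hdr[19] = FLAG_ENCRYPTED if encrypted else 0
    struct.pack_into("!I", hdr, 24, ISAKMP_HDR_LEN + body_len)
    return bytes(hdr) + bytes(wire_body_len)


if __name__ == "__main__":
    # 45-byte body, 8-byte blocks: 48 bytes on the wire, header still says 28 + 45.
    print(check_datagram(build(45, 48, True), 8))
```

Bounding the accepted size to the rounded-up value keeps the receiver from decrypting or buffering more than one block's worth of bytes beyond what the header declares.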


