
Re: Class Type - Initialization Vector



  Greg,

> I think an IV Attribute Class needs to be defined in the isakmp-oakley
> draft.  There isn't one in the current draft.  I see that the Cisco code
> uses one and since DES-CBC is mandatory it would appear that an IV
> attribute would also be needed (and mandatory).  A note on its use is
> also needed, i.e. do both sides start off with the same IV <suggested by
> the initiator> or do they exchange unique ones...

draft-ietf-ipsec-isakmp-oakley-02.txt mentions how to generate IVs in
appendix B. I don't really like the idea of negotiating an IV (or having
one side dictate the IV) and only reluctantly added it into the Cisco code
since there was no definition on how to get one in -00.txt.

Check out appendix B. Basically, both sides generate the same one
independently.

  regards,

    Dan.


