[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SA payloads and Next payload

To: "'ipsec@tis.com'" <ipsec@tis.com>
Subject: SA payloads and Next payload
From: Greg Carter <carterg@entrust.com>
Date: Wed, 15 Jan 1997 18:46:22 -0500
Sender: owner-ipsec@ex.tis.com

Hello All,
   Could those in the know please clarify the next payload for SA
payloads.  In the examples it is always set to PROPOSAL, but from the
wording of  the ISAKMP doc it suggests otherwise and my opinion is that
it should be otherwise, the next NON SA related payload ( ie in
aggresive mode it would be KE, NONE for Main Mode). 

Section 4.1 SA Establishment (Page 41 first paragraph)
..."An SA establishment message consists of a single SA payload followed
by AT LEAST one and possible many proposal and transform payloads."

so there isn't a need to look to the next payload of the SA header to
know that the data in the SA payload is in fact a proposal.  Since this
is in the ISAKMP doc I would assume that this would have to hold up
across any DOI.

Section 4.1 SA Establishment (Page 42 first paragraph)
..."Note that the Next Payload field of the proposal payload points to
another Proposal (if it exists)."

same section last paragraph
..."Note that the Next Payload field of the Transform payload points to
another Transform payload or 0."

So if we can't get it from the proposal or transform(which I don't think
would be a good idea anyways) then we have to get it from the SA header.

Thanks.
Bye.

----
Greg Carter
Entrust Technologies
carterg@entrust.com

Prev by Date: Key Material
Next by Date: Re: Key Material
Prev by thread: Re: Key Material
Next by thread: Re: SA payloads and Next payload
Index(es):
- Main
- Thread