
Re: SA payloads and Next payload



Greg,

The Last Call for ISAKMP has completed. I am working on making
editorial changes based on comments from several people. Here's the
latest on your question, so feel free to let me know if you (or anyone)
disagree.
 
> Could those in the know please clarify the next payload for SA
> payloads. In the examples it is always set to PROPOSAL, but from the
> wording of the ISAKMP doc it suggests otherwise and my opinion is that
> it should be otherwise, the next NON SA related payload (i.e., in
> aggressive mode it would be KE, NONE for Main Mode).

The Next Payload field of an SA payload will point to the next payload
of the message (if one exists) and not to the Proposal payload as
version 6 of the draft specifies.

> Section 4.1 SA Establishment (Page 41 first paragraph)
> ..."An SA establishment message consists of a single SA payload followed
> by AT LEAST one and possibly many proposal and transform payloads."
> 
> so there isn't a need to look to the next payload of the SA header to
> know that the data in the SA payload is in fact a proposal.  Since this
> is in the ISAKMP doc I would assume that this would have to hold up
> across any DOI.

Correct.

> Section 4.1 SA Establishment (Page 42 first paragraph)
> ..."Note that the Next Payload field of the proposal payload points to
> another Proposal (if it exists)."
> 
> same section last paragraph
> ..."Note that the Next Payload field of the Transform payload points to
> another Transform payload or 0."
> 
> So if we can't get it from the proposal or transform (which I don't think
> would be a good idea anyways) then we have to get it from the SA header.

Correct.

Regards,

Doug
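
The chaining rules confirmed in this message, as an added example that is not part of the original e-mail or of the ISAKMP draft: a Python walker that follows the SA payload's Next Payload field to the next payload of the message and treats the nested Proposal and Transform payloads as their own chains. Assumptions: the 4-byte generic payload header with lengths that include nested payloads, a 4-byte DOI plus 4-byte Situation, the first payload type supplied by the caller (it comes from the ISAKMP header), and constructed sample bytes; all helper names are hypothetical.

```python
import struct

# Payload type numbers as assigned in the ISAKMP specification.
NONE, SA, PROPOSAL, TRANSFORM, KE, NONCE = 0, 1, 2, 3, 4, 10

def payload(next_type, body):
    """Generic header: Next Payload, RESERVED, Payload Length (header included)."""
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body

def walk(buf, first, allowed=None):
    """Follow one Next Payload chain; return [(type, next_type, body), ...]."""
    out, off, cur = [], 0, first
    while cur != NONE:
        if allowed is not None and cur not in allowed:
            raise ValueError(f"payload type {cur} not allowed in this chain")
        if off + 4 > len(buf):
            raise ValueError("Next Payload points past end of data")
        nxt, _, length = struct.unpack_from("!BBH", buf, off)
        if length < 4 or off + length > len(buf):
            raise ValueError("bad Payload Length")
        out.append((cur, nxt, buf[off + 4:off + length]))
        off, cur = off + length, nxt
    if off != len(buf):
        raise ValueError("trailing bytes after end of chain")
    return out

def parse_sa(body):
    """Proposals inside an SA are implied, never announced by the SA header."""
    result = []
    # Assumption: 4-byte DOI followed by a 4-byte Situation (IPsec DOI style).
    for _, _, p in walk(body[8:], PROPOSAL, allowed={PROPOSAL}):
        if len(p) < 4 or len(p) < 4 + p[2]:          # p[2] = SPI size
            raise ValueError("truncated Proposal")
        transforms = walk(p[4 + p[2]:], TRANSFORM, allowed={TRANSFORM})
        if len(transforms) != p[3] or any(len(t[2]) < 4 for t in transforms):
            raise ValueError("bad Transform list")   # p[3] = number of transforms
        result.append((p[0], [t[2][0] for t in transforms]))
    return result  # [(proposal number, [transform numbers]), ...]

def build_sa(next_type):
    """Constructed sample: one proposal, two transforms, no SPI, no attributes."""
    t1 = payload(TRANSFORM, bytes([1, 1, 0, 0]))   # Next Payload -> another Transform
    t2 = payload(NONE, bytes([2, 1, 0, 0]))        # last Transform -> 0
    prop = payload(NONE, bytes([1, 1, 0, 2]) + t1 + t2)  # only Proposal -> 0
    return payload(next_type, struct.pack("!II", 1, 1) + prop)

# Constructed message body: SA, then KE, then NONCE (the aggressive-mode case).
MESSAGE = build_sa(KE) + payload(NONCE, b"\x11" * 16) + payload(NONE, b"\x22" * 8)
```

A walker written this way rejects an SA payload whose Next Payload is set to PROPOSAL when nothing follows the SA, since it looks for a further top-level payload that is not there.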