[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Quick Mode and KE payloads

To: "'ipsec@tis.com'" <ipsec@tis.com>
Subject: Quick Mode and KE payloads
From: Greg Carter <carterg@entrust.com>
Date: Fri, 14 Feb 1997 09:07:46 -0500
Cc: "'isakmp-oakley@cisco.com'" <isakmp-oakley@cisco.com>
Sender: owner-ipsec@ex.tis.com

Referring to section 5.4 and Appendix A of ISAKMP\Oakley draft and
Section 4.5 of DOI draft.

ISAKMP\Oakley states that the group description attribute must be sent
for PFS in the SA being negotiated.  The appendix then states that
..."Phase two attributes are defined in the applicable DOI
specification, with the exception of a group description when Quick Mode
includes an ephemeral DH exchange...."

The above wording has me a little confused.

Attribute Classes

ISAKMP\Oakley Draft
Group Description	4

DOI Draft
Enc Key Life Duration	4


Is it intended that a Quick Mode which is doing PFS would include a
proposal payload with protocol ID of ISAKMP and that the proposal would
be AND with the non-ISAKMP proposals being negotiated, in order to
specify the group.  Or was it intended for the Group Description
attribute class to be unique across ISAKMP\Oakley and all DOIs so that
it maybe included in transform payloads in non-ISAKMP SAs during Quick
Mode exchanges.

I prefer the latter myself.

Thanks
Bye.
----
Greg Carter
Entrust Technologies
carterg@entrust.com

Follow-Ups:

Re: Quick Mode and KE payloads

From: Daniel Harkins <dharkins@cisco.com>

Prev by Date: Re: test vectors for HMAC-SHA-1 - Test Data and Bad News
Next by Date: Re: test vectors for HMAC-SHA-1 - Test Data and Bad News
Prev by thread: Re: Straw Poll and Alignment
Next by thread: Re: Quick Mode and KE payloads
Index(es):
- Main
- Thread