[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Quick Mode and KE payloads

To: Greg Carter <carterg@entrust.com>
Subject: Re: Quick Mode and KE payloads
From: Daniel Harkins <dharkins@cisco.com>
Date: Fri, 14 Feb 1997 12:31:15 -0800
Cc: "'ipsec@tis.com'" <ipsec@tis.com>, "'isakmp-oakley@cisco.com'" <isakmp-oakley@cisco.com>
In-Reply-To: Your message of "Fri, 14 Feb 1997 09:07:46 EST." <c=CA%a=_%p=NorTel_Secure_Ne%l=GRANNY-970214140746Z-15250@bwdldb.ott.bnr.ca>
Sender: owner-ipsec@ex.tis.com

  Greg,

> ISAKMP\Oakley states that the group description attribute must be sent
> for PFS in the SA being negotiated.  The appendix then states that
> ..."Phase two attributes are defined in the applicable DOI
> specification, with the exception of a group description when Quick Mode
> includes an ephemeral DH exchange...."
> 
> The above wording has me a little confused.

Yes, it is confusing and has been changed. The "with the exeption of..."
has been stricken. All phase 2 attributes are specified by the applicable
DOI document.

> Attribute Classes
> 
> ISAKMP\Oakley Draft
> Group Description	4
> 
> DOI Draft
> Enc Key Life Duration	4

and:

  DOI Draft
  Group Description	8

Quick Mode with PFS specifies the group using this attribute.

  Dan.

References:

Quick Mode and KE payloads

From: Greg Carter <carterg@entrust.com>

Prev by Date: Re: test vectors for HMAC-SHA-1 - Test Data and Bad News
Next by Date: Re: 32 bit counter -- 96 bit HMAC-SHA/MD5
Prev by thread: Quick Mode and KE payloads
Next by thread: 32 bit counter -- 96 bit HMAC-SHA/MD5
Index(es):
- Main
- Thread