
RE: Re[2]: ISAKMP commit and notify usage



>This is the conclusion I came to when implementing the commit bit.
>For phase 1 I check for exchange type, if it's not Aggressive I'll signal
>Invalid flag if the commit bit is set.  It didn't seem to make much
>sense for Main Mode.
>----

I do not see anything in the ISAKMP spec which limits the use of the commit
bit to the aggressive mode. Granted this may have been the driving reason
for the commit.

I would like to allow the general use of the commit bit by initiator or
responder in any mode. This allows support for security policies and
implementations (e.g. multicast) which may require ISAKMP to access another
machine prior to allowing encrypted traffic to flow.




Tom Markham                         markham@securecomputing.com
Secure Computing Corporation        Phone (612) 628-2754
2675 Long Lake Road                 Fax: (612) 628-2701
Roseville, MN 55113                 www.securecomputing.com
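
Added example (not part of the original message, and not code from any implementation discussed in the thread): the two phase 1 policies in this exchange, written as a flag check on the ISAKMP fixed header. The header layout, exchange type numbers, flag bits and the INVALID-FLAGS notify value follow RFC 2408; `check_phase1_flags`, `build_header`, the `commit_only_in_aggressive` switch and the rejection of reserved bits are assumptions of this example.

```python
import struct

# Fixed ISAKMP header per RFC 2408: cookies, next payload, version,
# exchange type, flags, message ID, length (28 bytes, network order).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCH_MAIN, EXCH_AGGRESSIVE = 2, 4            # Identity Protection, Aggressive
FLAG_ENCRYPT, FLAG_COMMIT, FLAG_AUTH_ONLY = 0x01, 0x02, 0x04
NOTIFY_INVALID_FLAGS = 8                     # INVALID-FLAGS notify type


def check_phase1_flags(packet, commit_only_in_aggressive):
    """Return 0 if the phase 1 flags are acceptable, else a notify type.

    commit_only_in_aggressive=True  -> policy described in the quoted text
    commit_only_in_aggressive=False -> policy proposed in the reply
    """
    if len(packet) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    (_icookie, _rcookie, _next, _ver, exch, flags,
     _msgid, length) = ISAKMP_HDR.unpack_from(packet)
    if length != len(packet):
        raise ValueError("length field does not match datagram size")
    # Assumption of this example: reserved flag bits set -> INVALID-FLAGS.
    if flags & ~(FLAG_ENCRYPT | FLAG_COMMIT | FLAG_AUTH_ONLY):
        return NOTIFY_INVALID_FLAGS
    # Strict policy: commit bit is only accepted in Aggressive exchanges.
    if (flags & FLAG_COMMIT and commit_only_in_aggressive
            and exch != EXCH_AGGRESSIVE):
        return NOTIFY_INVALID_FLAGS
    return 0


def build_header(exch, flags):
    """Constructed sample input: header only, cookie bytes are made up."""
    return ISAKMP_HDR.pack(b"I" * 8, b"\x00" * 8, 1, 0x10, exch, flags,
                           0, ISAKMP_HDR.size)


if __name__ == "__main__":
    main_commit = build_header(EXCH_MAIN, FLAG_COMMIT)
    print("strict:    ", check_phase1_flags(main_commit, True))
    print("permissive:", check_phase1_flags(main_commit, False))
```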



