
DOI draft question/request



A while back (mid-March), there was some discussion about the
possibility of adding an Identification Type named ID_KEY to the
list in section 4.6.2.1 of the DOI draft.  This ID type would be
an "opaque blob" that would aid those who needed to use Aggressive
Mode to supply an ID which would be used to select a pre-shared
key (when using that form of authentication), while still providing
some protection (or at least obfuscation) for the identity.  (I've
included a couple of relevant messages from that discussion at the
bottom of this message.)

I notice that the latest DOI draft does not contain this ID type.
Would it be possible to add it at this late date?  Thanks for your
consideration...

-Shawn Mamros
E-mail to: smamros@newoak.com

begin quoted text--------------------------------------------------
Message-ID: <332EF66B.7701@newoak.com>
Date: Tue, 18 Mar 1997 15:09:15 -0500
From: smamros@newoak.com (Shawn Mamros)
X-Mailer: Mozilla 4.0b2 (WinNT; I)
MIME-Version: 1.0
To: HUGO@watson.ibm.com
CC: dharkins@cisco.com, PAU@watson.ibm.com, piper@cisco.com,
ipsec@tis.com,
        smamros@newoak.com
Subject: Re: Comment on the ISAKMP/Oakley resolution draft (pre-shared)
X-Priority: 3 (Normal)
References: <199703172324.SAA50747@mailhub1.watson.ibm.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

After thinking about the issue some more and discussing it with
my coworkers, we're willing to go with the workaround proposed
by Pau-Chen, Dan and Hugo (i.e., using an opaque identifier in
Oakley Aggressive Mode to find the correct pre-shared key).
Thanks for the suggestion, guys...

One possibility that Hugo mentioned in one of his messages:
> In order to accommodate this key identifier one needs an
> "Identification Type Value" as defined in the Ipsec DOI
> (draft-ietf-ipsec-ipsec-doi-02.txt).
> This can be one of the "private" values to be agreed upon by the
> communicating parties, or we could have a type value (say 7) added in
> that draft for "ID_KEY".
> If there is no opposition to do so I would suggest this minimal editorial
> change to the DOI draft.

Ideally, I too would like to see an "official" value designated in
the DOI draft, if it's possible.  But I'm willing to live with a
private value if we have to...

-Shawn Mamros
E-mail to: smamros@newoak.com

Message-Id: <199703182022.MAA09677@fluffy.cisco.com>
To: smamros@newoak.com (Shawn Mamros)
cc: HUGO@watson.ibm.com, dharkins@cisco.com, PAU@watson.ibm.com,
        piper@cisco.com, ipsec@tis.com
Subject: Re: Comment on the ISAKMP/Oakley resolution draft (pre-shared) 
In-reply-to: Your message of "Tue, 18 Mar 1997 15:09:15 EST."
             <332EF66B.7701@newoak.com> 
Date: Tue, 18 Mar 1997 12:22:16 -0800
From: Derrell Piper <piper@cisco.com>
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

This seems like a worthwhile addition.  I'll post an updated IPSEC DOI
before the Memphis deadline.  I have one other attribute that needs to
be added ("Key Length" for variable length ciphers like RC5).

Derrell

end quoted text----------------------------------------------------
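To make the opaque-identifier idea above concrete, here is an added illustration (not code from the thread or from any IKE implementation) of what a responder does with an ISAKMP Identification payload in Aggressive Mode: the ID arrives in the clear in the first message, so sending an IPv4 address reveals the peer, while sending a random key-id token lets the responder pick the same pre-shared key without exposing who the peer is. The payload layout follows the ISAKMP Identification payload (Next Payload, RESERVED, Payload Length, ID Type, Protocol ID, Port, ID data). The numeric value for ID_KEY, the key store, the token format and the sample addresses and keys are all assumptions made for the example; the thread only floats "say 7" as a possible value.

```python
import os
import struct
import ipaddress

# ISAKMP Identification payload layout (ISAKMP spec, Identification payload):
#   Next Payload (1) | RESERVED (1) | Payload Length (2) |
#   ID Type (1) | DOI-specific data (3) | Identification Data (variable)
# The IPsec DOI splits the 3 DOI-specific bytes into Protocol ID (1) and Port (2).
HEADER_LEN = 8

ID_IPV4_ADDR = 1   # identification type from the IPsec DOI draft
ID_KEY = 7         # ASSUMED placeholder: the "say 7" value floated in the thread


def encode_id_payload(id_type, id_data, next_payload=0, proto_id=0, port=0):
    """Build one Identification payload; id_data is the raw identity bytes."""
    length = HEADER_LEN + len(id_data)
    header = struct.pack("!BBHBBH", next_payload, 0, length, id_type, proto_id, port)
    return header + id_data


def decode_id_payload(buf):
    """Parse a payload into (id_type, proto_id, port, id_data); strict on lengths."""
    if len(buf) < HEADER_LEN:
        raise ValueError("truncated Identification payload")
    _next, reserved, length, id_type, proto_id, port = struct.unpack(
        "!BBHBBH", buf[:HEADER_LEN])
    if reserved != 0 or length != len(buf):
        raise ValueError("bad RESERVED or Payload Length")
    return id_type, proto_id, port, buf[HEADER_LEN:]


class PreSharedKeyStore:
    """Responder-side PSK table, keyed by IPv4 address or by an opaque key id (assumed design)."""

    def __init__(self):
        self._by_addr = {}    # ipaddress.IPv4Address -> psk bytes
        self._by_key_id = {}  # opaque token bytes -> psk bytes

    def add_peer(self, addr, psk):
        self._by_addr[ipaddress.IPv4Address(addr)] = psk

    def issue_key_id(self, addr, key_id=None):
        """Give a peer a random 16-byte token that selects its PSK without naming it."""
        psk = self._by_addr[ipaddress.IPv4Address(addr)]
        key_id = key_id if key_id is not None else os.urandom(16)
        self._by_key_id[key_id] = psk
        return key_id

    def select_psk(self, payload):
        """What the responder does with the cleartext ID from Aggressive Mode message 1."""
        id_type, _proto, _port, id_data = decode_id_payload(payload)
        if id_type == ID_IPV4_ADDR and len(id_data) == 4:
            return self._by_addr.get(ipaddress.IPv4Address(id_data))
        if id_type == ID_KEY:
            return self._by_key_id.get(id_data)
        return None  # unsupported ID type or malformed data: no key selected


def demo():
    """Constructed sample: one peer provisioned two ways, then both lookups compared."""
    store = PreSharedKeyStore()
    peer = ipaddress.IPv4Address("10.0.0.5")            # constructed sample address
    store.add_peer(str(peer), b"constructed-psk-for-peer-5")
    key_id = store.issue_key_id(str(peer))

    # Identity sent as an address: the address is visible to anyone on the path.
    addr_payload = encode_id_payload(ID_IPV4_ADDR, peer.packed)
    # Identity sent as an opaque key id: the wire carries only the random token.
    key_payload = encode_id_payload(ID_KEY, key_id)
    return {
        "psk_via_addr": store.select_psk(addr_payload),
        "psk_via_key_id": store.select_psk(key_payload),
        "addr_on_wire": peer.packed in addr_payload,
        "unknown_key_id": store.select_psk(encode_id_payload(ID_KEY, b"\x00" * 16)),
    }


if __name__ == "__main__":
    print(demo())
```

The point the example makes is the one the thread makes: the blob carries no meaning to an observer, and the responder still needs nothing but a table lookup to find the key. Note that the token only obscures the identity; it does not authenticate anything by itself, and a fixed token is still a stable per-peer identifier that an observer can correlate across exchanges.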

