ISAKMP v08 comments
All,
As a reminder, I would like all comments on ISAKMP-08 by the end of the
week. I would like to have a new draft out by the 20th so it can go
forward to the IESG. I will include the items I presented at Munich
which were all interoperability issues. They are listed here:
* Text to clarify that Data Attributes fields contained in
Transform payloads are not aligned on 4-octet boundaries. If they
don't align then subsequent payloads will not be aligned and any
padding will be added at the end of the message as described in
ISAKMP-08 section 3.
* Text to clarify the use of IVs with respect to Informational
Exchanges, i.e. independence from IVs of other on-going
communication.
* Removal of # Cert Types and # Cert Auths fields from the
Certificate Request payload. This will eliminate parsing problems
for multiple certificates and authorities or non-existent
authorities (e.g. PGP) and multiple Certificate Request payloads can
be chained together to accomplish the same thing more efficiently.
* Adding an additional bit in the ISAKMP Header Flags field for
Authentication Only Information Exchange. This bit is intended for
use with the Informational Exchange with a Notify payload and will
allow passing information with integrity checking, but no encryption
(e.g. "emergency mode"). NOTE: The current I-D calls for all
Informational Exchanges to be sent under protection of an ISAKMP SA.
This is a slight modification to that policy.
Thanks,
Doug Maughan
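
Added example, not part of the message above or of the ISAKMP draft: a Python parser that walks chained Certificate Request payloads by their length fields, with no count fields and no 4-octet alignment assumed. It assumes the header layout, generic payload header, payload type 7 and flag bit values as later published in RFC 2408; `parse_cert_requests`, `build_sample` and the sample CA value are constructed for illustration.

```python
import struct

HDR = struct.Struct("!8s8sBBBBII")   # ISAKMP header, 28 octets (RFC 2408 layout)
GEN = struct.Struct("!BBH")          # generic payload header: next, reserved, length
PT_NONE, PT_CERTREQ = 0, 7           # payload type numbers (RFC 2408)
FLAG_ENC, FLAG_COMMIT, FLAG_AUTH_ONLY = 0x01, 0x02, 0x04


def parse_cert_requests(msg: bytes):
    """Return (flags, [(cert_type, ca_bytes), ...]) for one ISAKMP message."""
    if len(msg) < HDR.size:
        raise ValueError("short ISAKMP header")
    _, _, nxt, _, _, flags, _, total = HDR.unpack_from(msg)
    if total != len(msg):
        raise ValueError("header length does not match datagram")
    if flags & FLAG_ENC:
        raise ValueError("payloads are encrypted; decrypt before parsing")
    off, reqs = HDR.size, []
    while nxt != PT_NONE:
        # Follow each payload's own length; never round up to a 4-octet boundary.
        if off + GEN.size > total:
            raise ValueError("payload chain runs past end of message")
        following, _, plen = GEN.unpack_from(msg, off)
        if plen < GEN.size or off + plen > total:
            raise ValueError("bad payload length")
        body = msg[off + GEN.size: off + plen]
        if nxt == PT_CERTREQ:
            if not body:
                raise ValueError("Certificate Request without Cert Type")
            reqs.append((body[0], body[1:]))   # CA may be empty (e.g. PGP)
        nxt, off = following, off + plen
    return flags, reqs


def build_sample(flags: int = 0) -> bytes:
    """Constructed message: two chained Certificate Requests, unaligned lengths."""
    cr1 = GEN.pack(PT_CERTREQ, 0, 4 + 1 + 5) + b"\x04" + b"CA-01"  # X.509 signature
    cr2 = GEN.pack(PT_NONE, 0, 4 + 1) + b"\x02"                     # PGP, no authority
    body = cr1 + cr2
    return HDR.pack(b"I" * 8, b"R" * 8, PT_CERTREQ, 0x10, 2, flags,
                    0, HDR.size + len(body)) + body
```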