
ISAKMP v08 comments



All,

As a reminder, I would like all comments on ISAKMP-08 by the end of the
week. I would like to have a new draft out by the 20th so it can go
forward to the IESG. I will include the items I presented at Munich
which were all interoperability issues. They are listed here:

   *    Text to clarify that Data Attributes fields contained in
   Transform payloads are not aligned on 4-octet boundaries. If they
   don't align then subsequent payloads will not be aligned and any
   padding will be added at the end of the message as described in
   ISAKMP-08 section 3.

   *    Text to clarify the use of IVs with respect to Informational
   Exchanges, i.e. independence from IVs of other on-going
   communication.

   *    Removal of # Cert Types and # Cert Auths fields from the
   Certificate Request payload. This will eliminate parsing problems
   for multiple certificates and authorities or non-existent
   authorities (e.g. PGP), and multiple Certificate Request payloads can
   be chained together to accomplish the same thing more efficiently.

   *    Adding an additional bit in the ISAKMP Header Flags field for
   Authentication Only Information Exchange. This bit is intended for
   use with the Informational Exchange with a Notify payload and will
   allow passing information with integrity checking, but no encryption
   (e.g. "emergency mode"). NOTE: The current I-D calls for all
   Informational Exchanges to be sent under protection of an ISAKMP SA.
   This is a slight modification to that policy.

Thanks,

Doug Maughan
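
Added example (not part of the original message or of the ISAKMP draft): a bounds-checked parser for the Data Attributes of a Transform payload, showing that attributes are consumed back to back with no per-attribute padding and that alignment is restored only once, at the end of the message. It assumes the TV/TLV attribute encoding later published in RFC 2408 section 3.3 and a 4-octet message alignment; the attribute type numbers and sample bytes are constructed.

```python
import struct

AF_BIT = 0x8000  # Attribute Format bit: 1 = TV (2-octet value), 0 = TLV


def parse_data_attributes(buf: bytes):
    """Return a list of (attr_type, value, start_offset) for each attribute."""
    attrs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError(f"truncated attribute header at offset {off}")
        raw_type, field = struct.unpack_from("!HH", buf, off)
        attr_type = raw_type & 0x7FFF
        if raw_type & AF_BIT:
            # TV form: the second 16 bits are the value itself.
            attrs.append((attr_type, field, off))
            off += 4
        else:
            # TLV form: the second 16 bits are a length, value follows.
            end = off + 4 + field
            if end > len(buf):
                raise ValueError(f"attribute {attr_type} overruns the buffer")
            attrs.append((attr_type, buf[off + 4:end], off))
            # Deliberately not rounded up: the next attribute (or payload)
            # starts on whatever octet this one ends on.
            off = end
    return attrs


def message_padding(length: int) -> int:
    """Octets appended once, at the end of the message, to reach 4-octet alignment."""
    return -length % 4


# Constructed sample: TV(type 1, value 5), TLV(type 2, 3 octets), TV(type 3, value 1)
SAMPLE = bytes.fromhex("80010005" "00020003010203" "80030001")

if __name__ == "__main__":
    for attr_type, value, start in parse_data_attributes(SAMPLE):
        print(f"type={attr_type} offset={start} aligned={start % 4 == 0} value={value!r}")
    print("padding at end of message:", message_padding(len(SAMPLE)))
```

A parser that rounds each attribute up to a 4-octet boundary would misread the third attribute in this sample, which begins at offset 11.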