[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: proposed changes to ISAKMP/Oakley

To: Derrell Piper <piper@cisco.com>
Subject: Re: proposed changes to ISAKMP/Oakley
From: Daniel Harkins <dharkins@cisco.com>
Date: Mon, 13 Oct 1997 11:32:31 -0700
Cc: ipsec@tis.com
In-Reply-To: Your message of "Mon, 13 Oct 1997 09:13:42 PDT." <199710131613.JAA25632@pita.cisco.com>
Sender: owner-ipsec@ex.tis.com

  Derrell,

> Would you also entertain the notion of mandating that the SA payload be
> first in all Phase I exchanges?

  It may get terribly bored. I'm not much of a host. :-)
In section "5. Exchanges" right before "5.1 ISAKMP/Oakley Phase 1...."
I'll add:

	"The SA payload must precede all other payloads in a phase 1
	 exchange".

In section "5.6 Phase 2 - Quick Mode" I'll change:

	"In Quick Mode, a HASH payload MUST immediately follow the 
	 ISAKMP header."
to
	"In Quick Mode, a HASH payload MUST immediately follow the 
	 ISAKMP header and a SA payload MUST immediately follow the HASH."

To clear up any confusion on the hash payloads of Quick Mode I also added
the following paragraph after the definition of HASH(1-3):

	"With the exception of the HASH, SA, and the optional ID payloads, 
	 there are no payload ordering restrictions on Quick Mode. HASH(1) 
	 and HASH(2) may differ from the illustration above if the order of 
	 payloads in the message differs from the illustrative example."

  Dan.

References:

Re: proposed changes to ISAKMP/Oakley

From: Derrell Piper <piper@cisco.com>

Prev by Date: Re: proposed changes to ISAKMP/Oakley
Next by Date: Re: proposed changes to ISAKMP/Oakley
Prev by thread: Re: proposed changes to ISAKMP/Oakley
Next by thread: Re: proposed changes to ISAKMP/Oakley
Index(es):
- Main
- Thread