
Re: Results of the IPSEC document reading party



In the latest 'draft-ietf-ipsec-isakmp-08.txt' draft, section 2.4 said

> While bootstrapping secure channels between systems, ISAKMP cannot assume
> the existence of security services, and must provide some protections for
> itself.  Therefore, ISAKMP considers an ISAKMP Security Association to be
> different than other types, and manages ISAKMP SAs itself, in their own
> name space.  ISAKMP uses the two cookie fields in the ISAKMP header to
> identify ISAKMP SAs.  The Message ID and SPI fields in the ISAKMP Header
                                       ^^^^^^^^^^^^^^
> are used during SA establishment to identify the SA for other security
> protocols.  The interpretation of these four fields is dependent on the
> operation taking place.


I do not see a SPI field in the ISAKMP header, shown in section 3.1.
The text in the next paragraph seems more correct.
I think they should be consistent.

> The following table shows the presence or absence of the cookies in the
> ISAKMP header, the ISAKMP Header Message ID field, and the SPI field in
                                                     ^^^^^^^^^^^^^^^^^^^^
> the Proposal payload for various operations.  An 'X' in the column means
> the value MUST be present.  An 'NA' in the column means a value in the
> column is Not Applicable to the operation.


/eric
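
The field placement discussed in this message, as an added example that is not part of the original post or of the draft: a parser showing that the fixed ISAKMP header carries the two cookies and the Message ID but no SPI, while the SPI sits in each Proposal payload nested in the SA payload. The layout is taken from RFC 2408 and assumed to match draft -08; the 4-byte situation field and the sample datagram are constructed assumptions.

```python
import struct

# Layout per RFC 2408 sections 3.1, 3.4, 3.5 (assumed unchanged from draft -08).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # cookies, next, version, exchange, flags, msg id, length
GENERIC = struct.Struct("!BBH")            # next payload, reserved, payload length
PROPOSAL = struct.Struct("!BBHBBBB")       # generic hdr + proposal #, protocol id, SPI size, # transforms
NP_NONE, NP_SA = 0, 1
SA_FIXED = GENERIC.size + 8                # DOI (4) + 4-byte situation (assumption: IPsec DOI)

def parse_header(pkt):
    """Return the fixed header fields; none of them is an SPI."""
    if len(pkt) < ISAKMP_HDR.size:
        raise ValueError("short ISAKMP header")
    names = ("init_cookie", "resp_cookie", "next_payload", "version",
             "exchange_type", "flags", "message_id", "length")
    hdr = dict(zip(names, ISAKMP_HDR.unpack_from(pkt)))
    if hdr["length"] != len(pkt):
        raise ValueError("length field does not match datagram size")
    return hdr

def proposal_spis(pkt):
    """Walk the payload chain and return (protocol_id, spi) for every Proposal."""
    hdr, found = parse_header(pkt), []
    if hdr["flags"] & 0x01:                # encryption bit: payloads are ciphertext
        raise ValueError("payloads are encrypted")
    np_, off = hdr["next_payload"], ISAKMP_HDR.size
    while np_ != NP_NONE:
        if off + GENERIC.size > len(pkt):
            raise ValueError("truncated payload header")
        nxt, _, plen = GENERIC.unpack_from(pkt, off)
        if plen < GENERIC.size or off + plen > len(pkt):
            raise ValueError("bad payload length")
        if np_ == NP_SA:                   # proposals are nested inside the SA payload
            p, end = off + SA_FIXED, off + plen
            while p < end:
                if end - p < PROPOSAL.size:
                    raise ValueError("truncated proposal")
                _, _, pl, _, proto, spi_size, _ = PROPOSAL.unpack_from(pkt, p)
                if pl < PROPOSAL.size + spi_size or p + pl > end:
                    raise ValueError("bad proposal length")
                found.append((proto, pkt[p + 8:p + 8 + spi_size]))
                p += pl
        np_, off = nxt, off + plen
    return found

# Constructed sample, left unencrypted for readability: one SA payload, one ESP proposal.
TRANSFORM = struct.pack("!BBHBBH", 0, 0, 8, 1, 3, 0)
PROP = PROPOSAL.pack(0, 0, 20, 1, 3, 4, 1) + bytes.fromhex("12345678") + TRANSFORM
SA = struct.pack("!BBHII", 0, 0, 32, 1, 1) + PROP
SAMPLE = ISAKMP_HDR.pack(b"I" * 8, b"R" * 8, NP_SA, 0x10, 32, 0, 0xDEADBEEF, 60) + SA
```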