Re: Results of the IPSEC document reading party
In the latest 'draft-ietf-ipsec-isakmp-08.txt' draft, section 2.4 said
> While bootstrapping secure channels between systems, ISAKMP cannot assume
> the existence of security services, and must provide some protections for
> itself. Therefore, ISAKMP considers an ISAKMP Security Association to be
> different than other types, and manages ISAKMP SAs itself, in their own
> name space. ISAKMP uses the two cookie fields in the ISAKMP header to
> identify ISAKMP SAs. The Message ID and SPI fields in the ISAKMP Header
                                      ^^^^^^^^^^^^^^
> are used during SA establishment to identify the SA for other security
> protocols. The interpretation of these four fields is dependent on the
> operation taking place.
I do not see a SPI field in the ISAKMP header, shown in section 3.1.
The text in the next paragraph seems more correct.
I think they should be consistent.
> The following table shows the presence or absence of the cookies in the
> ISAKMP header, the ISAKMP Header Message ID field, and the SPI field in
                                                     ^^^^^^^^^^^^^^^^^^^^
> the Proposal payload for various operations. An 'X' in the column means
> the value MUST be present. An 'NA' in the column means a value in the
> column is Not Applicable to the operation.
/eric
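
The field placement discussed in this message, as an added example that is not part of the original post or of the draft: a parser showing that the fixed ISAKMP header carries the two cookies and the Message ID, while the SPI is read from the Proposal payload. The layout is taken from RFC 2408 sections 3.1 and 3.5 and is assumed to match draft -08; the function names and the sample message are constructed for illustration.

```python
import struct

# Fixed ISAKMP header, 28 bytes (RFC 2408 section 3.1): initiator cookie,
# responder cookie, next payload, version, exchange type, flags, message ID,
# total length. There is no SPI field in it.
HEADER = struct.Struct("!8s8sBBBBII")
# Fixed part of the Proposal payload (RFC 2408 section 3.5); the SPI follows it.
PROPOSAL = struct.Struct("!BBHBBBB")
PAYLOAD_SA = 1  # next-payload value for a Security Association payload

def parse_header(msg):
    if len(msg) < HEADER.size:
        raise ValueError("short ISAKMP header")
    icky, rcky, nxt, ver, xchg, flags, msgid, length = HEADER.unpack_from(msg)
    if length != len(msg):
        raise ValueError("length field does not match datagram size")
    return {"init_cookie": icky, "resp_cookie": rcky, "next_payload": nxt,
            "version": ver, "exchange": xchg, "flags": flags,
            "message_id": msgid, "length": length}

def first_proposal_spi(msg, situation_len=4):
    """Return (protocol_id, spi) from the first Proposal in the SA payload.

    Assumption: situation_len=4, the 32-bit situation bitmap of the IPsec DOI.
    """
    hdr = parse_header(msg)
    if hdr["next_payload"] != PAYLOAD_SA:
        raise ValueError("first payload is not an SA payload")
    off = HEADER.size + 4 + 4 + situation_len  # generic hdr + DOI + situation
    if off + PROPOSAL.size > len(msg):
        raise ValueError("truncated Proposal payload")
    _n, _r, plen, _num, proto, spi_size, _nt = PROPOSAL.unpack_from(msg, off)
    spi_start = off + PROPOSAL.size
    if spi_size > plen - PROPOSAL.size or spi_start + spi_size > len(msg):
        raise ValueError("SPI size exceeds Proposal payload")
    return proto, msg[spi_start:spi_start + spi_size]

def build_sample():
    # Constructed, unencrypted sample; values are illustrative and the proposal
    # carries no transforms, so this is not a complete negotiation message.
    spi = bytes.fromhex("deadbeef")
    proposal = PROPOSAL.pack(0, 0, PROPOSAL.size + len(spi), 1, 3, len(spi), 0) + spi
    sa_body = struct.pack("!II", 1, 1) + proposal  # DOI=1 (IPsec), situation=1
    sa = struct.pack("!BBH", 0, 0, 4 + len(sa_body)) + sa_body
    total = HEADER.size + len(sa)
    return HEADER.pack(b"\x11" * 8, b"\x22" * 8, PAYLOAD_SA, 0x10, 1, 0,
                       0x0A0B0C0D, total) + sa
```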