[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ISAKMP alignment question



Section 3 of the isakmp-08 draft (just before section 3.1) states:
"[...] all ISAKMP messages MUST be aligned at 4-octet multiples."
This was a wording change from the previous draft (-07), which stated
that "all ISAKMP payloads MUST be aligned at 4-octet multiples."

Does the change from "payloads" to "messages" mean that individual
payloads within a message no longer have any requirements for byte
alignment?  I'll try to illustrate by example...

IP compression can now be negotiated within the IPSEC DOI.  IP
compression specifies a two-octet compression parameter index (CPI).
I assume that, in an ISAKMP Proposal payload which specifies IP
compression, the SPI in the Proposal would actually be the CPI, and
the SPI Size field will specify two octets as the length of the SPI.
Would the first Transform payload for the proposal follow immediately
after the two octet SPI/CPI (i.e., no byte alignment requirement for
the Transform payload), or would the Transform payload need to be
aligned on the nearest four-octet boundary (requiring two octets
in between the end of the SPI/CPI and the start of the Transform)?
The Payload Length of the Proposal offers no help here, since that
length must include the length(s) of any Transform(s) associated
with the proposal.

Any and all answers will be appreciated.  Thanks...

-Shawn Mamros
E-mail to: smamros@BayNetworks.com
(also smamros@newoak.com)