
IPsec DOI v7 - comment



Section 4.4.1 of ipsec-doi-v7 states :-

The ISAKMP proposal syntax was specifically designed to allow for 
the simultaneous negotiation of multiple security protocol suites 
within a single negotiation. As a result, the protocol suites listed 
below form the set of protocols that can be negotiated at the same 
time. It is a host policy decision as to what protocol suites might 
be negotiated together.

The following table lists the values for the Security Protocol 
Identifiers referenced in an ISAKMP Proposal Payload for the IPSEC 
DOI. 

Protocol ID         Value
RESERVED            0
PROTO-ISAKMP        1
PROTO-IPSEC-AH      2
PROTO-IPSEC-ESP     3
PROTO-IPCOMP        4

Q. When is it possible to negotiate a PROTO-ISAKMP SA AND 
PROTO-IPSEC-* SA "at the same time"?


Is it not the case that:
PROTO-ISAKMP is negotiated in phase 1 ONLY and
PROTO-IPSEC-* negotiated in phase 2 ONLY?


- Elfed


****************************************************
 "The views expressed above are entirely  those of
the writer and do not represent the views, policy or
understanding of  any other person or official body."

Elfed T. Weaver
DERA
Malvern
UK

weaver@hydra.dra.hmg.gb

****************************************************
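
The proposal syntax quoted from section 4.4.1, as an added example that is not part of the original message or of the draft: a parser for a chain of ISAKMP Proposal payloads (layout per RFC 2408) that groups the Protocol IDs from the table above by Proposal #, since payloads sharing a number are offered together. The `proposal` helper, the SPI bytes and the transform values are constructed sample data.

```python
import struct

# Security Protocol Identifiers from the table quoted in the message.
PROTOCOL_IDS = {0: "RESERVED", 1: "PROTO-ISAKMP", 2: "PROTO-IPSEC-AH",
                3: "PROTO-IPSEC-ESP", 4: "PROTO-IPCOMP"}
NEXT_NONE, NEXT_PROPOSAL = 0, 2   # ISAKMP next-payload values (RFC 2408)

def parse_proposals(buf):
    """Return {proposal number: [protocol names]} for a chain of Proposal payloads.

    Payloads that share a Proposal # are offered together (logical AND);
    different numbers are alternatives (logical OR).
    """
    suites, off, nxt = {}, 0, NEXT_PROPOSAL
    while nxt == NEXT_PROPOSAL:
        if len(buf) - off < 8:
            raise ValueError("truncated Proposal payload header")
        nxt, _rsv, length, number, proto, spi_size, _ntrans = struct.unpack_from(
            "!BBHBBBB", buf, off)
        if length < 8 + spi_size or off + length > len(buf):
            raise ValueError("bad Proposal payload length %d" % length)
        if nxt not in (NEXT_NONE, NEXT_PROPOSAL):
            raise ValueError("unexpected next payload %d" % nxt)
        name = PROTOCOL_IDS.get(proto, "UNKNOWN(%d)" % proto)
        suites.setdefault(number, []).append(name)
        off += length   # the length covers the SPI and all Transform payloads
    return suites

def proposal(nxt, number, proto, spi, transform_id):
    """Build one Proposal payload with a single attribute-less Transform (sample data)."""
    transform = struct.pack("!BBHBBH", 0, 0, 8, 1, transform_id, 0)
    body = struct.pack("!BBBB", number, proto, len(spi), 1) + spi + transform
    return struct.pack("!BBH", nxt, 0, 4 + len(body)) + body

# Constructed sample: proposal 1 offers AH and ESP together, proposal 2 offers ESP alone.
# The transform IDs (2, 3) are constructed values; the parser does not interpret them.
SAMPLE = (proposal(NEXT_PROPOSAL, 1, 2, b"\x11" * 4, 2) +
          proposal(NEXT_PROPOSAL, 1, 3, b"\x22" * 4, 3) +
          proposal(NEXT_NONE, 2, 3, b"\x33" * 4, 3))

if __name__ == "__main__":
    for number, protos in parse_proposals(SAMPLE).items():
        print("proposal %d: %s" % (number, " AND ".join(protos)))
```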

