[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ISAKMP - Remaining Issues
All,
In an attempt to finalize any remaining issues with ISAKMP, I think
there are two outstanding issues. They are:
> 1. ISAKMP Message Header Length field and data do not match
>
> (Matt Thomas - 29 Sep 97 e-mail)
> What if the ISAKMP Message Header Length field indicates a
> different length than the actual data? Length > Data = no
> action?, but Data > Length = Data Ignored or Message Trashed?
I know there was a flurry of e-mail surrounding this issue, but I don't
think there was any consensus about how things should be worded in the
I-D. Anybody want to give a *definitive* answer?
2. From Michael Richardson's e-mail and Roy Pereira's presentation at
the L.A. IETF IPSEC meeting.
> 11. Some vendors did not like ISAKMP packet to be padded to a multiple of 4
> bytes.
> Q: Does the spec allow this?
> A: There was some argument about whether this is REQUIRED.
> {ed: It would seem to fall into the "be conservative in what
> you generate and liberal in what you accept" }
Currently, section 3 of ISAKMP-09 says "Additionally, all ISAKMP
messages MUST be aligned at 4-octet boundaries." There has been some
debate about this in the past. How do the ISAKMP implementers want this
specified in the I-D so we can have interoperability?
Thanks,
Doug
Follow-Ups: