[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ISAKMP - Remaining Issues



All,

In an attempt to finalize any remaining issues with ISAKMP, I think
there are two outstanding issues. They are:

> 1. ISAKMP Message Header Length field and data do not match
>
>    (Matt Thomas - 29 Sep 97 e-mail)
> 	What if the ISAKMP Message Header Length field indicates a
>	different length than the actual data? Length > Data = no
>	action?, but Data > Length = Data Ignored or Message Trashed?

I know there was a flurry of e-mail surrounding this issue, but I don't
think there was any consensus about how things should be worded in the
I-D. Anybody want to give a *definitive* answer?


2. From Michael Richardson's e-mail and Roy Pereira's presentation at
the L.A. IETF IPSEC meeting.

>  11. Some vendors did not like ISAKMP packet to be padded to a multiple of 4
> 	bytes.
> 	Q: Does the spec allow this?
> 	A: There was some argument about whether this is REQUIRED.
> 	{ed: It would seem to fall into the "be conservative in what
> 	you generate and liberal in what you accept" }

Currently, section 3 of ISAKMP-09 says "Additionally, all ISAKMP
messages MUST be aligned at 4-octet boundaries." There has been some
debate about this in the past. How do the ISAKMP implementers want this
specified in the I-D so we can have interoperability?

Thanks,

Doug


Follow-Ups: