Authentication Only Bit



I'm having trouble understanding how to use the authentication only bit in
the ISAKMP header.  If this bit is set in the header, what algorithm and key
should be used to generate the authentication information?  What payload
should carry that information?  I looked through ISAKMP, IKE and the IPDOI,
but couldn't find a clear explanation on the use of this bit.

If the use of this bit involves using the ISAKMP SA (e.g. the hash payload
as described in section 5.7 of IKE), then why not just encrypt?  If SKEYID_a
is available, then so is SKEYID_e, and hence the encryption key.  If the
intent was to allow sending authenticated notify messages without an
existing phase 1 SA, then a detailed explanation on choosing and using an
appropriate asymmetric key algorithm or pre-shared key is required.

Thanks,

Sumit A. Vakil
VPNet Technologies, Inc.
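
An added example, not part of the original post and not taken from any IKE implementation: it reads the first possibility raised above literally, an unencrypted Informational message with the A bit set whose hash payload is HASH(1) = prf(SKEYID_a, M-ID | N/D) from section 5.7 of IKE. Assumptions: HMAC-SHA1 as the prf, the helper names, and the constructed cookies, key and Notify payload.

```python
import hashlib
import hmac
import struct

# Flag bits of the ISAKMP header Flags octet (RFC 2408, section 3.1).
FLAG_ENCRYPTION, FLAG_COMMIT, FLAG_AUTH_ONLY = 0x01, 0x02, 0x04
HDR = struct.Struct("!8s8sBBBBII")  # cookies, next payload, version, exchange, flags, M-ID, length
GENERIC = struct.Struct("!BBH")     # generic payload header: next payload, reserved, length
PAYLOAD_HASH, PAYLOAD_NOTIFY, EXCH_INFORMATIONAL = 8, 11, 5


def hash1(skeyid_a, msg_id, info_payload):
    """HASH(1) = prf(SKEYID_a, M-ID | N/D); HMAC-SHA1 is an assumed prf."""
    return hmac.new(skeyid_a, struct.pack("!I", msg_id) + info_payload, hashlib.sha1).digest()


def build_auth_only_notify(icookie, rcookie, msg_id, notify, skeyid_a):
    """Build an unencrypted Informational message with the A bit set (hypothetical helper)."""
    digest = hash1(skeyid_a, msg_id, notify)
    hash_payload = GENERIC.pack(PAYLOAD_NOTIFY, 0, GENERIC.size + len(digest)) + digest
    body = hash_payload + notify
    header = HDR.pack(icookie, rcookie, PAYLOAD_HASH, 0x10, EXCH_INFORMATIONAL,
                      FLAG_AUTH_ONLY, msg_id, HDR.size + len(body))
    return header + body


def verify_auth_only(message, skeyid_a):
    """Return True only for a well-formed, authenticated, unencrypted Informational message."""
    if len(message) < HDR.size + GENERIC.size:
        return False
    _, _, next_payload, _, exch, flags, msg_id, length = HDR.unpack_from(message)
    if length != len(message) or exch != EXCH_INFORMATIONAL or next_payload != PAYLOAD_HASH:
        return False
    if not flags & FLAG_AUTH_ONLY or flags & FLAG_ENCRYPTION:
        return False  # A bit must be set and E bit clear for this reading
    _, _, hash_len = GENERIC.unpack_from(message, HDR.size)
    hash_end = HDR.size + hash_len
    if hash_len <= GENERIC.size or hash_end >= len(message):
        return False
    received = message[HDR.size + GENERIC.size:hash_end]
    return hmac.compare_digest(received, hash1(skeyid_a, msg_id, message[hash_end:]))


# Constructed sample: Notify payload with DOI 1 (IPsec), protocol 1 (ISAKMP), no SPI,
# notify type 24 (AUTHENTICATION-FAILED); key and cookies are made-up values.
NOTIFY = struct.pack("!BBHIBBH", 0, 0, 12, 1, 1, 0, 24)
KEY = bytes(range(20))
MSG = build_auth_only_notify(b"I" * 8, b"R" * 8, 0x1234ABCD, NOTIFY, KEY)
```

The check uses only SKEYID_a; nothing in it needs SKEYID_e, which is the asymmetry the question turns on.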