[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IKE COMMIT/CONNECTED processing



I am with Derrell on this, my processing of the COMMIT bit requires the
message ID in the ISAKMP header to be the same as the QM exchange.  I assume
it is the final message of the exchange.
----
Bithead Carter, Entrust Technologies
greg.carter@entrust.com


> ----------
> From: 	Derrell D. Piper[SMTP:ddp@network-alchemy.com]
> Sent: 	Saturday, June 13, 1998 2:36 PM
> To: 	ipsec@tis.com
> Subject: 	IKE COMMIT/CONNECTED processing
> 
> Bitheads,
> 
	....

> Two solutions spring to mind: 
> 
>     o  ammend the ISAKMP COMMIT description to state that the message id
> for
>        the CONNECTED Notify MUST be the associated QM message id
> 
>     o  ammend the ISAKMP COMMIT description to state that the Notify
> payload
>        for a CONNECTED message MUST contain the associated QM message id
> 
> I implemented the first solution because the CONNECTED message is
> intricately
> tied to a previous QM exchange.
> 
> Derrell
>