[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IKE COMMIT/CONNECTED processing
I am with Derrell on this, my processing of the COMMIT bit requires the
message ID in the ISAKMP header to be the same as the QM exchange. I assume
it is the final message of the exchange.
----
Bithead Carter, Entrust Technologies
greg.carter@entrust.com
> ----------
> From: Derrell D. Piper[SMTP:ddp@network-alchemy.com]
> Sent: Saturday, June 13, 1998 2:36 PM
> To: ipsec@tis.com
> Subject: IKE COMMIT/CONNECTED processing
>
> Bitheads,
>
....
> Two solutions spring to mind:
>
> o ammend the ISAKMP COMMIT description to state that the message id
> for
> the CONNECTED Notify MUST be the associated QM message id
>
> o ammend the ISAKMP COMMIT description to state that the Notify
> payload
> for a CONNECTED message MUST contain the associated QM message id
>
> I implemented the first solution because the CONNECTED message is
> intricately
> tied to a previous QM exchange.
>
> Derrell
>