
isakmp notify MID values



The IKE document (5.7) states that the MID used when sending
a notify should be unique to the info exchange. The ISAKMP doc
says it should be the MID associated with the current negotiation.
It seems there are reasons for both:
- You probably need the MID from the negotiation to identify
  the negotiation if you can't extract spi,doi from the offending
  packet, e.g. payload validation doesn't pass.
- If you use the MID from the negotiation, encryption IV
  material can get unsynchronized.

Is there a consensus on this issue?

jeff
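
The IV concern raised in the message above, as an added example that is not part of the original post: a small model of per-MID IV chaining, assuming the rule published in RFC 2409 (first IV of an exchange is the hash of the last phase 1 CBC block and the M-ID, later IVs are the last ciphertext block of the previous message). The names `Peer`, `last_cbc_block` and `qm2_accepted`, the SHA-1 stand-in for the cipher and all sample values are assumptions made for the illustration.

```python
import hashlib

BLOCK = 8  # assumed CBC block size in bytes (e.g. DES)

def initial_iv(last_p1_block, mid):
    # First IV of an exchange: hash(last phase 1 CBC block | M-ID), truncated
    return hashlib.sha1(last_p1_block + mid.to_bytes(4, "big")).digest()[:BLOCK]

def last_cbc_block(iv, body):
    # Stand-in for the final CBC ciphertext block (NOT a real cipher); like
    # CBC output it depends on both the IV and the plaintext.
    return hashlib.sha1(b"cbc" + iv + body).digest()[:BLOCK]

class Peer:
    def __init__(self, last_p1_block):
        self.p1 = last_p1_block
        self.iv = {}  # M-ID -> next IV for that exchange

    def _next_iv(self, mid):
        return self.iv.setdefault(mid, initial_iv(self.p1, mid))

    def send(self, mid, body):
        iv = self._next_iv(mid)
        self.iv[mid] = last_cbc_block(iv, body)
        # The IV travels with the message only so the model can check sync.
        return mid, iv, body

    def receive(self, msg):
        mid, iv_used, body = msg
        if self._next_iv(mid) != iv_used:
            return False  # receiver would decrypt to garbage
        self.iv[mid] = last_cbc_block(iv_used, body)
        return True

def qm2_accepted(notify_mid, qm_mid=0x1111):
    p1 = bytes.fromhex("0011223344556677")  # constructed sample value
    initiator, responder = Peer(p1), Peer(p1)
    if not responder.receive(initiator.send(qm_mid, b"QM1")):
        return False
    responder.send(notify_mid, b"NOTIFY")  # notify datagram lost in transit
    return initiator.receive(responder.send(qm_mid, b"QM2"))

if __name__ == "__main__":
    print("notify reuses negotiation MID:", qm2_accepted(0x1111))
    print("notify uses its own MID:     ", qm2_accepted(0x2222))
```

When the notify shares the negotiation's MID, the responder's IV chain advances past a message the initiator never saw, so the next quick mode message no longer decrypts; with its own MID the notify starts a separate chain and the negotiation is unaffected.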