[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

need help understanding the Commit bit

To: ipsec@tis.com
Subject: need help understanding the Commit bit
From: Biao Wang <Biao@routerware.com>
Date: Wed, 22 Jul 1998 02:40:16 -0700
Sender: owner-ipsec@ex.tis.com

[ The Commit Bit can be set (at anytime) by either party participating
        in the SA establishment, and can be used during both phases of
an
        ISAKMP SA establishment. ...]

[... In this instance, the Message ID
        field of the Informational Exchange MUST contain the Message ID
of
        the original ISAKMP Phase 2 SA negotiation.  This is done to
ensure
        that the Informational Exchange with the CONNECTED Notify
Message can
        be associated with the correct Phase 2 SA.]

The Commit/CONNTECTED exchange can happend completely within Phase
1(e.g. in Identity Protection Exchange/IKE Main Mode), then why the
above discussion make it tie to Phase 2 ??? Really confused here. Let's
assume it happens in phase 1, then where is the "original ISAKMP Phase 2
SA negotiation" coming from? We are still in phase I right? why do we
need to associate with "the correct phase 2 SA]?

Thanks for any comment.

Biao
RouterWare Inc.

Prev by Date: Re: Comments on "Hybrid Auth. mode for IKE"
Next by Date: RE: Comments on "Hybrid Auth. mode for IKE"
Prev by thread: Re: Comments on "Hybrid Auth. mode for IKE"
Next by thread: PFKEYv2 and IKEd.
Index(es):
- Main
- Thread