
commit bit processing



  More inconsistencies....sigh.

  The base ISAKMP draft contains some contradictory language concerning the 
use of the commit bit. In discussions with other vendors about how they
interpreted the contradictions the following theme came out: if the commit
bit is set in a phase 1 exchange send back INVALID_FLAGS and regardless of
who set the bit (initiator or responder) the responder sends the CONNECTED
message back as the final message. Yes, that's not 100% compliant with what
the draft (RFC?) says but it is impossible to be 100% compliant. And since
it doesn't make any sense to send a COMMIT in a phase 1 exchange it doesn't
make any sense to support that.

  But! Another conflict has arisen. Two vendors interpreted the aforementioned
contradictory text the same way but still do not interoperate. One vendor 
read the ISAKMP text where it says that the CONNECTED message is sent in an 
Informational Exchange with the message ID of the phase 2 (Quick Mode 
Exchange) to which it applies and then read IKE where it says all 
Informational Exchanges must have a unique message ID. Weighing these two 
issues and since the state that's waiting around for this message is part of 
the Quick Mode, this vendor implemented his IKE to expect the CONNECTED 
notify in a message whose exchange is Quick Mode. Another vendor read the 
same text and tried to be as faithful as possible to the ISAKMP draft and 
sends the CONNECTED notify in an Informational Exchange with the message ID 
of the Quick Mode, and has plumbing to clean up the right Quick Mode state
with the Informational message.

  Can those of you who've implemented the COMMIT bit in your code announce 
how you've done it. The text in one or both of those drafts (RFCs?) has got
to change and it really doesn't matter how, whether the first vendor or the
second vendor ends up changing his code isn't important. It would just be
nice to get a feeling on how the WG wants to go and how the drafts (RFCs?)
will eventually get rewritten to be consistent so that one of these guys
can change his code. So, which way is right? Informational or Quick Mode?

  Dan.
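
An added example, not part of the original message and not any vendor's code: a receiver-side dispatch that rejects the commit bit in phase 1 and accepts the CONNECTED notify under either exchange type, matching it to Quick Mode state by message ID. Header layout and constants are from RFC 2408/2409; `dispatch`, `make_packet` and `awaiting_connected` are hypothetical names, and accepting both exchange types is an interoperability choice for illustration, not what either draft mandates.

```python
import struct

# Constants from RFC 2408 / RFC 2409 (ISAKMP header, IKE exchange types).
# Layout: cookies, next payload, version, exchange, flags, message ID, length
HDR = struct.Struct("!8s8sBBBBII")
XCHG_ID_PROT, XCHG_AGGRESSIVE, XCHG_INFO, XCHG_QUICK = 2, 4, 5, 32
FLAG_COMMIT = 0x02
NOTIFY_CONNECTED = 16384


def dispatch(packet, notify_type, awaiting_connected):
    """Decide what to do with one received ISAKMP message.

    notify_type: type of the already-decrypted Notify payload, or None
                 (assumption: decryption is handled elsewhere).
    awaiting_connected: set of Quick Mode message IDs negotiated with the
                 commit bit that are still waiting for CONNECTED.
    """
    if len(packet) < HDR.size:
        return ("DROP", "short header")
    _, _, _, _, xchg, flags, msg_id, length = HDR.unpack_from(packet)
    if length != len(packet):
        return ("DROP", "length mismatch")

    # Phase 1: the commit bit makes no sense here, so reject it.
    if xchg in (XCHG_ID_PROT, XCHG_AGGRESSIVE):
        if flags & FLAG_COMMIT:
            return ("NOTIFY", "INVALID_FLAGS")
        return ("PHASE1", None)

    # CONNECTED may arrive as Quick Mode or Informational; the message ID
    # decides which Quick Mode state it completes.
    if notify_type == NOTIFY_CONNECTED and xchg in (XCHG_QUICK, XCHG_INFO):
        if msg_id in awaiting_connected:
            awaiting_connected.discard(msg_id)
            return ("SA_READY", msg_id)
        return ("DROP", "CONNECTED for unknown Quick Mode")

    return ("QUICK" if xchg == XCHG_QUICK else "OTHER", msg_id)


def make_packet(xchg, flags, msg_id):
    """Build a constructed, header-only sample message for the demo."""
    return HDR.pack(b"I" * 8, b"R" * 8, 0, 0x10, xchg, flags, msg_id, HDR.size)
```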


