
Questions about use of AH and ESP in IKE



I've been working on a formal analysis of IKE.
Some questions have come up about the way it uses the protocols
(AH, ESP, etc.) that are specified in the SAs. In particular, I'd like
to know:

1.  Is the set of protocols currently supported by ISAKMP open-ended, or is it
limited to AH and ESP?

2.  Suppose that I'm sending the last message in a main mode phase one
exchange, or a message in a phase two exchange, and that I'm using
AH or ESP as the protocol. Since I'm using a phase one SA, it's identified
by a pair of cookies instead of by a SPI.  What do I put in the SPI field
of the AH or ESP header?  Both cookies?  One of the cookies?  If so, which one?

3. In a phase two exchange, it is possible to either transmit identities
explicitly, or not to transmit them and use the IP addresses as implicit
identities. If I'm doing the latter, does it ever make sense to use
AH or ESP in transport mode to encrypt the messages in the phase two exchange?

Thanks in advance,

Cathy Meadows
Naval Research Laboratory
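To make the sizing issue behind question 2 concrete, the following is an added example (not part of the message above and not code from any IKE implementation): it encodes and decodes the fixed ISAKMP header of RFC 2408 section 3.1 (two 64-bit cookies, next payload, version, exchange type, flags, 32-bit message ID, 32-bit length), the ESP header of RFC 2406 (32-bit SPI, 32-bit sequence number) and the AH header of RFC 2402 (next header, payload length, reserved, 32-bit SPI, 32-bit sequence number, ICV). The cookie values, SPI, sequence numbers and ICV are constructed sample values, and the function names are this example's own. The exchange-type numbers 2 (Identity Protection, i.e. main mode) and 32 (Quick Mode) are the IKE assignments from RFC 2409.

```python
import struct

# Constructed sample values; hypothetical, not taken from any real exchange.
INITIATOR_COOKIE = bytes.fromhex("0123456789abcdef")
RESPONDER_COOKIE = bytes.fromhex("fedcba9876543210")
SAMPLE_SPI = 0x0BADF00D
SAMPLE_ICV = bytes(12)  # 96-bit truncated HMAC placeholder, zeroed

# IKE exchange types (RFC 2409 appendix A) and the ISAKMP encryption flag bit.
EXCH_IDENTITY_PROTECTION = 2   # main mode
EXCH_QUICK_MODE = 32
FLAG_ENCRYPTION = 0x01

ISAKMP_HEADER_LEN = 28
ESP_HEADER_LEN = 8
AH_FIXED_LEN = 12


def build_isakmp_header(icookie, rcookie, next_payload, exchange_type,
                        flags, message_id, total_length):
    """Fixed ISAKMP header (RFC 2408 3.1). Version is major 1, minor 0.
    In phase 1 the message ID is 0; phase 2 exchanges carry a random one."""
    if len(icookie) != 8 or len(rcookie) != 8:
        raise ValueError("each ISAKMP cookie is 64 bits")
    version = (1 << 4) | 0
    return icookie + rcookie + struct.pack(
        "!BBBBII", next_payload, version, exchange_type, flags,
        message_id, total_length)


def parse_isakmp_header(data):
    """Return the header fields; the SA is named by the cookie pair."""
    if len(data) < ISAKMP_HEADER_LEN:
        raise ValueError("short ISAKMP header")
    np_, ver, xchg, flags, mid, length = struct.unpack("!BBBBII", data[16:28])
    return {
        "initiator_cookie": data[:8],
        "responder_cookie": data[8:16],
        "next_payload": np_,
        "major": ver >> 4, "minor": ver & 0x0F,
        "exchange_type": xchg,
        "encrypted": bool(flags & FLAG_ENCRYPTION),
        "message_id": mid,
        "length": length,
    }


def build_esp_header(spi, seq):
    """ESP header (RFC 2406): 32-bit SPI, 32-bit sequence number."""
    return struct.pack("!II", spi, seq)


def parse_esp_header(data):
    spi, seq = struct.unpack("!II", data[:ESP_HEADER_LEN])
    return {"spi": spi, "seq": seq}


def build_ah_header(next_header, spi, seq, icv):
    """AH header (RFC 2402). Payload length is the AH length in 32-bit
    words minus 2, so 12 fixed bytes + 12-byte ICV gives 6 - 2 = 4."""
    payload_len = (AH_FIXED_LEN + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def parse_ah_header(data):
    nh, plen, _res, spi, seq = struct.unpack("!BBHII", data[:AH_FIXED_LEN])
    icv_len = (plen + 2) * 4 - AH_FIXED_LEN
    return {"next_header": nh, "spi": spi, "seq": seq,
            "icv": data[AH_FIXED_LEN:AH_FIXED_LEN + icv_len]}


def sa_identifier_bits(protocol):
    """Width of the field that names an SA for each protocol on the page."""
    return {"isakmp": 128, "esp": 32, "ah": 32}[protocol]


def cookie_pair_fits_in_spi(icookie, rcookie):
    """The arithmetic behind question 2: two 64-bit cookies (128 bits)
    cannot be carried in a 32-bit SPI field, nor can a single cookie."""
    return (len(icookie) + len(rcookie)) * 8 <= sa_identifier_bits("esp")


if __name__ == "__main__":
    hdr = build_isakmp_header(INITIATOR_COOKIE, RESPONDER_COOKIE, 8,
                              EXCH_IDENTITY_PROTECTION, FLAG_ENCRYPTION,
                              0, ISAKMP_HEADER_LEN)
    print(parse_isakmp_header(hdr))
    print(parse_esp_header(build_esp_header(SAMPLE_SPI, 1)))
    print(parse_ah_header(build_ah_header(50, SAMPLE_SPI, 1, SAMPLE_ICV)))
    print("cookie pair fits in SPI:",
          cookie_pair_fits_in_spi(INITIATOR_COOKIE, RESPONDER_COOKIE))
```

Running the block shows the round trip of each header; the last line reports that the 128-bit cookie pair does not fit a 32-bit SPI, which is the mismatch the second question is about.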