[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SA Attributes

To: ipsec@tis.com
Subject: SA Attributes
From: Valentin Oprean <valentin@celocom.se>
Date: Thu, 17 Sep 1998 14:07:15 +0200
Sender: owner-ipsec@ex.tis.com

Hello!
I am workin with a project and I wonder if I can have some clarification:

In ISAKMP/IKE, Phase I, suppose you are the initiator and you have to send
to B 2 different Security Association offers. Since in Phase I there can be
just one SA Payload with just one Proposal Payload, I think I have to put
the 2 offers as 2 Transform Payloads one immediately after the other-with
Transform_# 1 and 2 respectively and without nothing in between. Is that
correct?

Moreover, inside each Transform, how must I put the SA attributes? If I
look at page 25, draft:"The Internet Key Exchange", I understand I must
choose some of the attribute classes and then build up each Tranform
Payload in this way:

Generic header |transform 1 | key-ike | reserved |
attr_class_id X | relative chosen class_value Y |
attr_class_id XX | relative chosen class_value YY |
   .....
Generic header | transform 2 | key-ike | reserved |
attr_class_id X | relative chosen class_value Z |
attr_class_id XX | relative chosen class_value WW |
  .....
Is that correct?

Thank you.
Elisabetta

Prev by Date: AH in NAT device
Next by Date: Re: AH in NAT device
Prev by thread: Re: AH in NAT device
Next by thread: Network World article on IPSec
Index(es):
- Main
- Thread