
IKE: minor clarification suggestions



When I recently looked at the latest IKE draft (-08), I noticed two
minor areas that might be made a little bit clearer in future updates:

1. There are four methods described for authentication within Phase 1,
and the content of Main Mode "second exchange" (messages 3 and 4)
differs from case to case. The example formats given in Section
7.1, however, illustrate only the format for "pre-shared key"
or "digital signature", showing only the KE and nonce fields.  It might
be worthwhile to expand the examples in this section to cover
the other two cases, where "IDs", for example, are also
mandatory in these messages.  Or maybe just a few words to say that
the illustrated formats only cover some of the allowable methods?

2. In Section 5.5, where we describe Phase 2 Quick Mode, we use the
same notation for nonces (Ni, Nr) as is used in Sections 5.1-5.4 for
Phase 1 negotiations.  Since, for example, the Ni in Phase 2 is
chosen separately for each execution of Quick Mode and is not the
same as the Ni used in the Phase 1 negotiations, would it be
worthwhile to have a different notation that distinguishes between them?
___________________________
Charles A Kunzinger (kunzinge@us.ibm.com)
TCP/IP Technology Management, JDGA/501, RTP
Phone: Tie 8-444-4142, External 1-919-254-4142
Fax: Tie 8-444-6243, External 1-919-254-6243
VM:  IBMUSM27(KUNZINGE)
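The first point above, that messages 3 and 4 of Main Mode carry different payloads depending on the Phase 1 authentication method, can be made concrete with a small payload checker. The example below is added here and is not part of the mail or of the IKE draft; it takes the per-method payload lists from the published RFC 2409 (Sections 5.1 to 5.4) rather than from draft -08, and the payload names, the `(name, protection)` tuple encoding and the constructed sample messages are all assumptions of this example. It verifies, for a negotiated method and a sender role, that the mandatory payloads (KE and nonce for pre-shared key and signature; encrypted identity and nonce, plus KE, for the two public-key encryption variants) are present, that nothing foreign is included, and that the initiator's and responder's payloads are not swapped.

```python
from typing import Dict, List, Optional, Tuple

# A payload in RFC 2409 notation: (payload name, protection or None).
# Protection "PubKey" = encrypted under the peer's public key,
# "Ke" = encrypted under the ephemeral symmetric key of revised mode.
Payload = Tuple[str, Optional[str]]

# Role-independent payload kinds expected in messages 3 and 4 of Main Mode
# for each Phase 1 authentication method.  Taken from RFC 2409 sections
# 5.1-5.4; assumed here as the reference, the mail discusses draft -08.
EXPECTED: Dict[str, Tuple[set, set]] = {
    # (required kinds, optional kinds)
    "signature": ({"KE", "NONCE"}, set()),
    "pre-shared-key": ({"KE", "NONCE"}, set()),
    "public-key-encryption": (
        {"KE", "ID<PubKey>", "NONCE<PubKey>"}, {"HASH"}),
    "revised-public-key-encryption": (
        {"NONCE<PubKey>", "KE<Ke>", "ID<Ke>"}, {"HASH", "CERT<Ke>"}),
}

# Payloads that belong to one side only: message 3 carries the initiator's
# nonce and identity, message 4 the responder's.
ROLE_OF = {"Ni": "initiator", "IDii": "initiator", "Cert-I": "initiator",
           "Nr": "responder", "IDir": "responder"}

# Map role-specific names onto the kinds used in EXPECTED.
BASE_KIND = {"Ni": "NONCE", "Nr": "NONCE", "IDii": "ID", "IDir": "ID",
             "HASH(1)": "HASH", "Cert-I": "CERT"}


def kind_of(payload: Payload) -> str:
    """Return the role-independent kind of a payload, e.g. ("IDir", "Ke") -> "ID<Ke>"."""
    name, protection = payload
    base = BASE_KIND.get(name, name)
    return f"{base}<{protection}>" if protection else base


def check_second_exchange(method: str, sender: str,
                          payloads: List[Payload]) -> Dict[str, List[str]]:
    """Compare a message 3 or 4 payload list against what METHOD requires.

    Returns the kinds that are missing, the kinds that should not be there,
    and any payload names that belong to the other side.  All three lists
    are empty for a well-formed message.
    """
    required, optional = EXPECTED[method]
    seen = {kind_of(p) for p in payloads}
    missing = sorted(required - seen)
    unexpected = sorted(seen - required - optional)
    wrong_role = sorted(name for name, _ in payloads
                        if ROLE_OF.get(name, sender) != sender)
    return {"missing": missing, "unexpected": unexpected,
            "wrong_role": wrong_role}


def is_valid(method: str, sender: str, payloads: List[Payload]) -> bool:
    """True when the message carries exactly what the method allows."""
    return not any(check_second_exchange(method, sender, payloads).values())


# Constructed sample messages in notation form (no real IKE bytes).
MSG3_PSK = [("KE", None), ("Ni", None)]                   # well-formed
MSG3_PKE_NO_ID = [("KE", None), ("Ni", "PubKey")]         # identity omitted
MSG4_REVISED = [("Nr", "PubKey"), ("KE", "Ke"), ("IDir", "Ke")]  # well-formed
MSG3_SIG_BAD_ROLE = [("KE", None), ("Nr", None)]          # responder's nonce
MSG3_PSK_ENC_NONCE = [("KE", None), ("Ni", "PubKey")]     # nonce wrongly encrypted

if __name__ == "__main__":
    samples = [
        ("msg3 pre-shared key", "pre-shared-key", "initiator", MSG3_PSK),
        ("msg3 PKE without ID", "public-key-encryption", "initiator", MSG3_PKE_NO_ID),
        ("msg4 revised PKE", "revised-public-key-encryption", "responder", MSG4_REVISED),
        ("msg3 signature, Nr", "signature", "initiator", MSG3_SIG_BAD_ROLE),
        ("msg3 PSK, encrypted Ni", "pre-shared-key", "initiator", MSG3_PSK_ENC_NONCE),
    ]
    for label, method, sender, msg in samples:
        print(f"{label:25} valid={is_valid(method, sender, msg)} "
              f"{check_second_exchange(method, sender, msg)}")
```

Running the block prints one line per sample; the public-key-encryption message without an identity is reported as missing `ID<PubKey>`, which is exactly the mandatory payload the illustrated formats in Section 7.1 do not show.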