Any ideas on attached from anyone? jeff
-- BEGIN included message
- To: Tim Jenkins <tjenkins@TimeStep.com>
- Subject: Re: re-keying
- From: Jeff Pickering <jpickering@phase2net.com>
- Date: Tue, 13 Oct 1998 14:13:46 -0700
- Organization: phase2 networks
- References: <319A1C5F94C8D11192DE00805FBBADDF458CEA@exchange>
- Reply-To: jpickering@phase2net.com
Tim,

Is the concept of simultaneous phase 1 initiation supported in the architecture? I don't see anywhere in a spec that disallows this. If this is allowed, it would seem to me that the initial contact notification could cause problems:

1) Both ends initiate phase 1 at the same time. Two main mode exchanges are started.
2) Both ends receive the last initiator packet from the remote while waiting for a response to their own last initiator packet.
3) If these packets contain "initial contact", then both ends delete their own in-process SA and get stuck???

It seems some absolute tie-breaker must be provided. For example, BGP uses router id to unambiguously resolve "connection collisions".

Or am I missing something entirely???

regards,
jeff

Tim Jenkins wrote:
>
> From
>
>   The Internet IP Security Domain of Interpretation for ISAKMP
>   <draft-ietf-ipsec-ipsec-doi-10.txt>
>
> ...
>
> 4.6.3.3 INITIAL-CONTACT
>
>   The INITIAL-CONTACT status message may be used when one side wishes
>   to inform the other that this is the first SA being established with
>   the remote system. The receiver of this Notification Message might
>   then elect to delete any existing SA's it has for the sending system
>   under the assumption that the sending system has rebooted and no
>   longer has access to the original SA's and their associated keying
>   material. When used, the content of the Notification Data field
>   SHOULD be null (i.e. the Payload Length should be set to the fixed
>   length of Notification Payload).
>
>   When present, the Notification Payload MUST have the following
>   format:
>
>   o Payload Length - set to length of payload + size of data (0)
>   o DOI - set to IPSEC DOI (1)
>   o Protocol ID - set to selected Protocol ID from chosen SA
>   o SPI Size - set to sixteen (16) (two eight-octet ISAKMP cookies)
>   o Notify Message Type - set to INITIAL-CONTACT
>   o SPI - set to the two ISAKMP cookies
>   o Notification Data - <not included>
>
> ---
> Tim Jenkins                      TimeStep Corporation
> tjenkins@timestep.com            http://www.timestep.com
> (613) 599-3610 x4304             Fax: (613) 599-3617
>
> > -----Original Message-----
> > From: Jeff Pickering [mailto:jpickering@phase2net.com]
> > Sent: Tuesday, October 13, 1998 2:10 PM
> > To: tjenkins@timestep.com
> > Subject: re-keying
> >
> > Tim,
> >
> > I don't see "initial contact notification" described in any
> > document. Can you give me a pointer?
> >
> > Thanks,
> > jeff
-- END included message
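A small Python model of the collision Jeff describes and of the INITIAL-CONTACT payload layout Tim quotes; this is an added example, not code from either writer or from any IKE implementation. The cookie comparison used as the tie-breaker is an assumption (an analogue of the BGP router-id rule Jeff mentions), not something the DOI draft specifies; the Notification Payload header layout follows RFC 2408, and the INITIAL-CONTACT type number (24578) is the value assigned in the published RFC 2407, not a value on this page.

```python
import struct
from dataclasses import dataclass

DOI_IPSEC = 1
INITIAL_CONTACT = 24578  # notify type assigned in RFC 2407 (published DOI); not on the page
PROTO_ISAKMP = 1         # Protocol-ID for the ISAKMP SA


def build_initial_contact(init_cookie: bytes, resp_cookie: bytes) -> bytes:
    """Encode the Notification Payload as Tim's excerpt lays it out (RFC 2408 generic header)."""
    spi = init_cookie + resp_cookie            # SPI Size 16: the two 8-octet ISAKMP cookies
    if len(spi) != 16:
        raise ValueError("each ISAKMP cookie must be 8 octets")
    length = 12 + len(spi)                     # fixed header + SPI; Notification Data is null (0)
    header = struct.pack("!BBHIBBH", 0, 0, length, DOI_IPSEC, PROTO_ISAKMP, len(spi), INITIAL_CONTACT)
    return header + spi


@dataclass
class Peer:
    name: str
    cookie: bytes              # initiator cookie of the phase 1 this peer started (constructed sample)
    in_progress: bool = True   # its own phase 1 is still waiting for the final reply


def on_initial_contact(peer: Peer, remote_cookie: bytes, tie_break: bool) -> str:
    """Step 3 of Jeff's scenario: INITIAL-CONTACT arrives while our own phase 1 is pending."""
    if not tie_break:
        peer.in_progress = False               # naive reading: delete everything, own attempt included
        return "deleted own attempt"
    # Assumed tie-breaker (not in the draft): the attempt with the lower initiator cookie survives.
    # Cookies are 8 random octets, so equality is not expected; on equality both sides keep.
    if remote_cookie < peer.cookie:
        peer.in_progress = False
        return "yielded to remote"
    return "kept own attempt"


def simulate_collision(cookie_a: bytes, cookie_b: bytes, tie_break: bool) -> list:
    """Both ends initiate at once and each sees the other's INITIAL-CONTACT before its own reply."""
    a, b = Peer("A", cookie_a), Peer("B", cookie_b)
    on_initial_contact(a, b.cookie, tie_break)
    on_initial_contact(b, a.cookie, tie_break)
    return [p.name for p in (a, b) if p.in_progress]   # [] means both ends got stuck


if __name__ == "__main__":
    ca, cb = bytes.fromhex("0102030405060708"), bytes.fromhex("f0e1d2c3b4a59687")  # constructed
    print(len(build_initial_contact(ca, cb)), "octets in the payload")
    print("no tie-breaker:", simulate_collision(ca, cb, False))
    print("cookie tie-breaker:", simulate_collision(ca, cb, True))
```

Without the tie-breaker both peers drop their pending exchange and the survivor list is empty, which is the stuck state Jeff describes; with it exactly one attempt survives.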