
IKE Quick Mode




I am not clear on the intent of IKE Quick Mode, when ISAKMP is acting as a
client negotiator on behalf of another party.  In this model described in
IKE <draft-ietf-ipsec-isakmp-oakley-08.txt>, the client identities are
included in the Identification Payload used in the Quick Mode messages.

I understand that the Responder is the guardian of local policy and will
establish the SA necessary or allowed for the two clients.  The client
negotiator, Initiator, is acting on behalf of the two clients to set the SA
and to acquire key material.  Question -- What assumptions are being made
wrt the subsequent use of this information --- within compliance of IKE?
Since only the Initiator and the Responder have the common ISAKMP SA for
generating the keying material --- is this intended as an SA between the
Initiator and Responder in support of the needs of the clients? ----- or is
the Quick Mode information sent back to the clients?


