
Re: Agenda stuff



Tero Kivinen wrote:

> I wrote earlier, that we should define generic method of putting the
> message id of the negotiation inside the notification payload. The
> message id is the only way to uniquely identify the new group mode or
> transactional exchange:
>
> ----------------------------------------------------------------------
> Generic error/status notification to any phase II negotiation using
> message ID to identify the negotiation:
>
>         o  Payload Length - set to length of payload + size of data (var)
>         o  DOI - set to IPSEC DOI (1)
>         o  Protocol ID - set to PROTO_ISAKMP (1)
>         o  SPI Size - set to four (4) bytes (if it is sixteen (16),
>            then SPI is two eight-octet ISAKMP cookies, and the error
>            message is for the Phase I negotiation)
>         o  Notify Message Type - set to error code
>         o  SPI - set to the message ID (4 bytes) of the negotiation
>         o  Notification Data - fill in as normally.
> ----------------------------------------------------------------------

There is also the issue of Notification data which is not defined anywhere.
I think this field should be used in order to convey more detailed
information on the reason of failure.
If I recall we had this discussion in the Raleigh Bakeoff but it was not
resolved.

Some proposed to put in the proposal that failed the negotiation, we
proposed to put in an ASCII string.
I think the first option is not generic enough since it can be used only
with regard to failing in selecting an appropriate proposal. Comments?



--
========================================================================
Zegman Tamir
Encryption group, R&D                    Tel: +972-3-7534606
Check Point Software Tech. Ltd.  Fax: +972-3-5759256
3A Jabotinsky St., Diamond Tower
Ramat-Gan 52520, ISRAEL

e-mail:  zegman@checkpoint.com            http://www.checkpoint.com
========================================================================
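
The notification layout discussed in this message, as an added example that is not part of the original e-mails: a builder and a validating parser that tell a Phase II notification (4-byte SPI carrying the message ID) from a Phase I one (16-byte SPI carrying the two cookies). It assumes the RFC 2408 Notification payload header layout; the function names are hypothetical, and the ASCII notification data follows the suggestion made in the reply.

```python
import struct

IPSEC_DOI = 1
PROTO_ISAKMP = 1
# RFC 2408 Notification payload fixed header (assumed layout): next payload,
# reserved, payload length, DOI, protocol ID, SPI size, notify message type.
HEADER = struct.Struct("!BBHIBBH")  # 12 bytes, network byte order


def build_notify(notify_type, spi, data=b"", next_payload=0):
    """Build a notification; spi is a 4-byte message ID or 16 bytes of cookies."""
    if len(spi) not in (4, 16):
        raise ValueError("SPI must be 4 bytes (message ID) or 16 bytes (cookies)")
    length = HEADER.size + len(spi) + len(data)
    return HEADER.pack(next_payload, 0, length, IPSEC_DOI, PROTO_ISAKMP,
                       len(spi), notify_type) + spi + data


def parse_notify(buf):
    """Validate one notification payload and say which negotiation it refers to."""
    if len(buf) < HEADER.size:
        raise ValueError("truncated header")
    _next, _rsv, length, doi, proto, spi_size, ntype = HEADER.unpack_from(buf)
    # The declared length must fit in the buffer and cover header plus SPI.
    if length > len(buf) or length < HEADER.size + spi_size:
        raise ValueError("payload length inconsistent with buffer or SPI size")
    if doi != IPSEC_DOI or proto != PROTO_ISAKMP:
        raise ValueError("unexpected DOI or protocol ID")
    spi = buf[HEADER.size:HEADER.size + spi_size]
    data = buf[HEADER.size + spi_size:length]
    if spi_size == 4:        # Phase II: SPI field holds the message ID
        scope = {"phase": 2, "message_id": int.from_bytes(spi, "big")}
    elif spi_size == 16:     # Phase I: SPI field holds both 8-octet cookies
        scope = {"phase": 1, "initiator_cookie": spi[:8],
                 "responder_cookie": spi[8:]}
    else:
        raise ValueError("SPI size must be 4 or 16 in this scheme")
    return {"notify_type": ntype, "data": data, **scope}


if __name__ == "__main__":
    # Constructed sample: type 14 is NO-PROPOSAL-CHOSEN in RFC 2408; the
    # message ID and the ASCII reason string are made up for illustration.
    pkt = build_notify(14, bytes.fromhex("1234abcd"), b"no matching transform")
    print(parse_notify(pkt))
```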



