[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Commit Bit Processing

To: "S. B. Kulkarni" <srinu@trinc.com>
Subject: Re: Commit Bit Processing
From: "Derrell D. Piper" <ddp@network-alchemy.com>
Date: Wed, 31 Mar 1999 06:34:02 -0800
cc: ipsec@lists.tislabs.com, skelly@redcreek.com, rpereira@TimeStep.com, kivinen@ssh.fi, tjenkins@TimeStep.com
In-reply-to: Your message of "Tue, 30 Mar 1999 12:29:18 +0500." <3.0.1.32.19990330122918.00690b10@172.16.1.10>
Sender: owner-ipsec@lists.tislabs.com


> * Can the commit bit be set in any of the phases, I think some
> implementaions send INVALID_FLAG if it is set in phase-I.

The ISAKMP RFC says that it can be set during Phase 1, but no sane IKE
implementation would do this.

> * CONNECT notify, is it now treated as one of the Quick mode exchange ? and
> When sending CONNECT notify should we use running IV of the quick mode or
> calculate new IV ? if it is treated as part of quick mode exchange then we
> should use running of the Quick mode.

It's treated as part of the QM exchange and uses the QM running IV.

> * Can the initiator set the commit bit in case of Quick mode, because what
> RFC says is, who ever sets the commit bit should send the CONNECT notify,
> and there is no point in sending the CONNECT notify along with the third
> message of quick mode.

Again the RFCs are ambigous on this, but it only makes sense as something set
by the responder.

The other ambiguity (from previous bake-off experience) is whether the
initiator should reflect the COMMIT bit back in his final message.  While
there's no real value to it, there were implementations that expected this,
and so most implementations do so.

Derrell

References:

Commit Bit Processing

From: "S. B. Kulkarni" <srinu@trinc.com>

Prev by Date: mode-cfg implementations?
Next by Date: RE: Commit Bit Processing
Prev by thread: Commit Bit Processing
Next by thread: RE: Commit Bit Processing
Index(es):
- Main
- Thread