
RE: Comments on draft-ietf-ipsec-ike-01.txt (long)



Oops; missed that.

But that brings up another question: Would it not be appropriate for this
new exchange to have been defined as part of ISAKMP, and therefore be
available to other protocols that use ISAKMP?

(Yes, I know this document is not son-of-isakmp, it's son-of-ike...)

---
Tim Jenkins                       TimeStep Corporation
tjenkins@timestep.com          http://www.timestep.com
(613) 599-3610 x4304               Fax: (613) 599-3617



> -----Original Message-----
> From: Tero Kivinen [mailto:kivinen@ssh.fi]
> Sent: June 1, 1999 12:10 PM
> To: Tim Jenkins
> Cc: ipsec@lists.tislabs.com
> Subject: Comments on draft-ietf-ipsec-ike-01.txt (long)
> 
> 
> > 3) Acknowledged Information Exchange
> > 
> > I'm glad to see this was added. The use of an acknowledged delete mechanism
> > will go a long way to improve SA management.
> > 
> > How does an implementation know when a peer supports this exchange? It seems
> > to me that instead of giving it its own exchange number, all that's been
> > done is the addition of a Nonce payload to the existing informational
> > exchange.
> 
> It has its own exchange number:
> ----------------------------------------------------------------------
>    Additional Exchanges Defined-- XCHG values
> 
>       Quick Mode                         32
>       New Group Mode                     33
>       Acknowledged Informational         34
> ----------------------------------------------------------------------
> 
> So if the other end returns invalid exchange type, then it doesn't support
> it...
> -- 
> kivinen@iki.fi                               Work : +358-9-4354 3218
> SSH Communications Security                  http://www.ssh.fi/
> SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
>
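
The detection described in the quoted reply (send exchange type 34 and treat an invalid-exchange-type answer as "not supported"), as an added Python example that is not part of the original thread. It assumes the peer answers with a cleartext ISAKMP Informational message; the Notification payload number (11), Informational exchange number (5) and INVALID-EXCHANGE-TYPE notify value (7) are taken from RFC 2408, and all function names are hypothetical.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # cookies, next, version, xchg, flags, msg id, length
NOTIFY_FIXED = struct.Struct("!BBHIBBH")   # generic header, DOI, protocol, SPI size, notify type
PAYLOAD_NOTIFY = 11                        # RFC 2408 Notification payload
XCHG_INFORMATIONAL = 5                     # RFC 2408 Informational exchange
XCHG_ACK_INFORMATIONAL = 34                # value from the draft table quoted above
INVALID_EXCHANGE_TYPE = 7                  # RFC 2408 notify message type


def build_message(xchg, next_payload=0, body=b"", icookie=b"I" * 8, rcookie=b"R" * 8):
    """Build a cleartext ISAKMP message (version 1.0, no flags, message ID 0)."""
    return ISAKMP_HDR.pack(icookie, rcookie, next_payload, 0x10, xchg, 0, 0,
                           ISAKMP_HDR.size + len(body)) + body


def build_notify(msg_type, doi=1, proto=1):
    """Notification payload with no SPI and no notification data (constructed sample)."""
    return NOTIFY_FIXED.pack(0, 0, NOTIFY_FIXED.size, doi, proto, 0, msg_type)


def peer_rejects_exchange(reply):
    """True if reply is a cleartext Informational carrying INVALID-EXCHANGE-TYPE."""
    if len(reply) < ISAKMP_HDR.size:
        return False
    _, _, nxt, _, xchg, flags, _, length = ISAKMP_HDR.unpack_from(reply)
    if xchg != XCHG_INFORMATIONAL or flags & 0x01 or length > len(reply):
        return False  # wrong exchange, encrypted body, or truncated packet
    off = ISAKMP_HDR.size
    while nxt != 0 and off + 4 <= length:
        following, _, plen = struct.unpack_from("!BBH", reply, off)
        if plen < 4 or off + plen > length:
            return False  # malformed payload length, stop parsing
        if nxt == PAYLOAD_NOTIFY and plen >= NOTIFY_FIXED.size:
            if NOTIFY_FIXED.unpack_from(reply, off)[6] == INVALID_EXCHANGE_TYPE:
                return True
        nxt, off = following, off + plen
    return False


if __name__ == "__main__":
    probe = build_message(XCHG_ACK_INFORMATIONAL)  # what the initiator would send
    reply = build_message(XCHG_INFORMATIONAL, PAYLOAD_NOTIFY,
                          build_notify(INVALID_EXCHANGE_TYPE))
    print("peer supports exchange 34:", not peer_rejects_exchange(reply))
```

A cleartext notification is unauthenticated, so a positive result is a hint to fall back to the unacknowledged exchange rather than proof of what the peer supports.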