RE: Comments on draft-ietf-ipsec-ike-01.txt (long)
Oops; missed that.
But that brings up another question: Would it not be appropriate for this
new exchange to have been defined as part of ISAKMP, and therefore be
available to other protocols that use ISAKMP?
(Yes, I know this document is not son-of-isakmp, it's son-of-ike...)
---
Tim Jenkins TimeStep Corporation
tjenkins@timestep.com http://www.timestep.com
(613) 599-3610 x4304 Fax: (613) 599-3617
> -----Original Message-----
> From: Tero Kivinen [mailto:kivinen@ssh.fi]
> Sent: June 1, 1999 12:10 PM
> To: Tim Jenkins
> Cc: ipsec@lists.tislabs.com
> Subject: Comments on draft-ietf-ipsec-ike-01.txt (long)
>
>
> > 3) Acknowledged Information Exchange
> >
> > I'm glad to see this was added. The use of an acknowledged delete mechanism
> > will go a long way to improve SA management.
> >
> > How does an implementation know when a peer supports this exchange? It seems
> > to me that instead of giving it its own exchange number, all that's been
> > done is the addition of a Nonce payload to the existing informational
> > exchange.
>
> It has its own exchange number:
> ----------------------------------------------------------------------
> Additional Exchanges Defined-- XCHG values
>
> Quick Mode 32
> New Group Mode 33
> Acknowledged Informational 34
> ----------------------------------------------------------------------
>
> So if other end returns invalid exchange type, then it doesn't support
> it...
> --
> kivinen@iki.fi Work : +358-9-4354 3218
> SSH Communications Security http://www.ssh.fi/
> SSH IPSEC Toolkit http://www.ssh.fi/ipsec/
>
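
The support check described in the quoted reply (send exchange type 34, treat an invalid-exchange-type answer as "not supported"), as an added example that is not part of the original messages or of any implementation mentioned in them. It assumes the rejection arrives as a cleartext Notification payload in an ordinary Informational exchange; the header and payload layouts and the notify value 7 are from RFC 2408, the function names and sample packet are constructed here.

```python
import struct

# ISAKMP fixed header (RFC 2408): cookies, next payload, version,
# exchange type, flags, message ID, total length = 28 bytes.
HDR = struct.Struct("!8s8sBBBBII")
XCHG_INFORMATIONAL = 5        # RFC 2408
XCHG_ACK_INFORMATIONAL = 34   # value quoted in the thread from the draft
PAYLOAD_NOTIFY = 11           # RFC 2408 Notification payload
INVALID_EXCHANGE_TYPE = 7     # RFC 2408 notify message type


def build_header(icookie, rcookie, next_payload, xchg, msg_id, body=b""):
    """Hypothetical helper: ISAKMP v1.0 header followed by body."""
    return HDR.pack(icookie, rcookie, next_payload, 0x10, xchg, 0,
                    msg_id, HDR.size + len(body)) + body


def notify_types(packet):
    """Return the notify message types in a cleartext ISAKMP packet."""
    if len(packet) < HDR.size:
        raise ValueError("short ISAKMP header")
    _, _, nxt, _, _, flags, _, length = HDR.unpack_from(packet)
    if length != len(packet) or flags & 0x01:  # bad length or E bit set
        raise ValueError("length mismatch or encrypted payloads")
    found, off = [], HDR.size
    while nxt != 0:
        if off + 4 > length:
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack_from("!BBH", packet, off)
        if plen < 4 or off + plen > length:
            raise ValueError("bad payload length")
        if nxt == PAYLOAD_NOTIFY:
            if plen < 12:
                raise ValueError("short notification payload")
            found.append(struct.unpack_from("!H", packet, off + 10)[0])
        nxt, off = following, off + plen
    return found


def peer_supports_ack_info(reply):
    """False when the peer rejected exchange 34; fall back to exchange 5."""
    return INVALID_EXCHANGE_TYPE not in notify_types(reply)


# Constructed sample: a peer answering with INVALID-EXCHANGE-TYPE.
notify = struct.pack("!BBHIBBH", 0, 0, 12, 1, 1, 0, INVALID_EXCHANGE_TYPE)
REJECT = build_header(b"I" * 8, b"R" * 8, PAYLOAD_NOTIFY,
                      XCHG_INFORMATIONAL, 0x1234, notify)
```

The parser refuses packets with the encryption flag set or with inconsistent lengths instead of guessing at their contents.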