
Re: draft-ietf-ipsec-notifymsg-00.txt



Hi Valery,

Valery Smyslov wrote:
> 
> Scott, some comments below.
> 
> First of all, most of described error messages are applicable not
> only to phase 1 or 2, but also to New Group mode and Transaction
> mode. The problem is that the latter two either don't have SPI
> (Transaction mode) or it is dummy (New Group). So, you need Message
> ID to include to Notify payload to unambiguously identify exchange.
> Although you've included it into differentiators of most messages,
> you, in general, don't put them into transferred data. Note, that
> message ID from ISAKMP header is different and cannot be used if
> separate informational exchange is used.
> 
> This problem was discussed (and one solution proposed) in Tero
> Kivinen's message to the list <199812031546.RAA06867@torni.ssh.fi>
> from 3 Dec 1998.

Yes, I see that there are some issues here, and thanks for the message
pointer. I went back and reviewed this thread, and also saw what Tamir
meant by "attributes pair" in his earlier email, which I mistakenly took
to mean something else when I read his email earlier today (e.g.
TM="here's an example error message").

I think Kivinen's suggestion in that thread makes sense, i.e. use the
SPI field for the message ID, and also think Tamir's subsequent
suggestion to use attribute lists makes sense, at least in some cases. I
need to give this more thought, but wanted to reply to your suggestions.

More later.

Scott
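
The idea discussed above, carrying the Message ID of the failed exchange in the SPI field of the Notify payload so the receiver can match it even when the notification arrives in a separate informational exchange, shown as an added example that is not part of this thread or of the draft. The payload layout follows the RFC 2408 Notification payload; the 4-byte big-endian encoding of the Message ID, the function names and the `pending` table are assumptions made for illustration.

```python
import struct

IPSEC_DOI = 1             # DOI value from RFC 2407
PROTO_ISAKMP = 1          # protocol ID from RFC 2407
NO_PROPOSAL_CHOSEN = 14   # notify message type from RFC 2408
FIXED_LEN = 12            # generic header (4) + DOI, protocol, SPI size, type (8)

def build_notify(msg_type, failed_message_id, data=b"", next_payload=0):
    """Build a Notification payload whose SPI field holds the Message ID
    of the exchange being reported (assumed encoding: 4 bytes, big-endian)."""
    spi = struct.pack("!I", failed_message_id)
    body = struct.pack("!IBBH", IPSEC_DOI, PROTO_ISAKMP, len(spi), msg_type)
    body += spi + data
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body

def parse_notify(buf):
    """Parse one Notification payload, rejecting inconsistent lengths."""
    if len(buf) < FIXED_LEN:
        raise ValueError("truncated notification payload")
    _next, _reserved, length = struct.unpack_from("!BBH", buf, 0)
    doi, proto, spi_size, msg_type = struct.unpack_from("!IBBH", buf, 4)
    if length < FIXED_LEN + spi_size or length > len(buf):
        raise ValueError("payload length inconsistent with SPI size or buffer")
    spi_end = FIXED_LEN + spi_size
    return {"doi": doi, "proto": proto, "type": msg_type,
            "spi": buf[FIXED_LEN:spi_end], "data": buf[spi_end:length]}

def match_exchange(buf, pending):
    """Return the pending exchange the notification refers to, or None.
    The Message ID in the ISAKMP header is not consulted: in a separate
    informational exchange it identifies that exchange, not the failed one."""
    notify = parse_notify(buf)
    if len(notify["spi"]) != 4:
        return None  # SPI does not carry a Message ID in the assumed form
    (message_id,) = struct.unpack("!I", notify["spi"])
    return pending.get(message_id)

if __name__ == "__main__":
    # Constructed sample: one Transaction mode exchange awaiting a reply.
    pending = {0x1A2B3C4D: "transaction-mode"}
    wire = build_notify(NO_PROPOSAL_CHOSEN, 0x1A2B3C4D)
    print(wire.hex(), "->", match_exchange(wire, pending))
```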

