RE: XAUTH?
It seems that we have a keyword overloading problem here, as the word
transaction is used in two different contexts:
A "configuration transaction" is a pair of messages wherein a set of
attributes is proposed (message 1) and then these attributes either accepted
or rejected (message 2).
An "XAuth transaction" is a series of ISAKMP-Config messages which leads to
the user being accepted or rejected.
Once you resolve the meaning of the word "transaction," I don't think it's
implied that each configuration transaction has to have a different message
id. The XAUTH draft is correct in stating (indirectly) that the message id
has to remain the same across multiple configuration transactions.
Andrew
_______________________________________________
Beauty without truth is insubstantial.
Truth without beauty is unbearable.
> -----Original Message-----
> From: Greg Carter [mailto:greg.carter@entrust.com]
> Sent: Wednesday, July 14, 1999 2:09 PM
> To: 'ipsec@lists.tislabs.com'
> Subject: XAUTH?
>
>
> Hi,
>
> Config Mode states:
>
> "A "Configuration Transaction" is defined as two configuration
> exchanges, the first being either a Set or a Request and the second
> being either an Acknowledge or a Reply, respectively.
>
> ...
> Transactions are completed once the Reply or Acknowledge code is
> received."
>
> To me this means that the message ID is unique for the
> transaction, either a
> Set-Ack or Request-Reply pair.
>
> However XAUTH states:
> All ISAKMP-Config messages in an extended authentication
> transaction MUST contain the same ISAKMP-Config message ID.
>
> And gives examples where a Request-Reply is followed by a
> Set-Ack and is
> referred to as a "transaction".
>
> Are the message IDs unique for the Request-Reply and Set-Ack
> in XAUTH or
> are they the same?
>
>
>
>
>
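
The two meanings of "transaction" discussed in this thread, as an added example that is not part of either message or of the drafts: a checker that pairs messages into configuration transactions (Request-Reply, Set-Acknowledge) and then applies the XAUTH rule that the whole series shares one message ID. The tuple layout, function names and message ID values are assumptions made for illustration.

```python
# Added illustration; message types come from the quoted Config Mode text,
# the tuple layout and function names are assumptions made for this example.
EXPECTED_RESPONSE = {"Request": "Reply", "Set": "Acknowledge"}

def pair_config_transactions(messages):
    """Split (message_id, type) tuples into configuration transactions.

    Returns (pairs, errors): each pair is (message_id, opener, response).
    """
    pairs, errors, pending = [], [], None
    for msg_id, kind in messages:
        if pending is None:
            if kind in EXPECTED_RESPONSE:
                pending = (msg_id, kind)
            else:
                errors.append(f"{kind} with no preceding Set or Request")
            continue
        open_id, open_kind = pending
        if kind != EXPECTED_RESPONSE[open_kind]:
            errors.append(f"{open_kind} answered by {kind}")
        elif msg_id != open_id:
            errors.append(f"{kind} uses message ID {msg_id:#x}, expected {open_id:#x}")
        else:
            pairs.append((open_id, open_kind, kind))
        pending = None
    if pending is not None:
        errors.append(f"{pending[1]} never answered")
    return pairs, errors

def check_xauth_transaction(messages):
    """Apply the XAUTH rule: one message ID across every pair in the series."""
    pairs, errors = pair_config_transactions(messages)
    ids = {msg_id for msg_id, _, _ in pairs}
    if len(ids) > 1:
        errors.append("XAuth transaction spans message IDs: "
                      + ", ".join(f"{i:#x}" for i in sorted(ids)))
    return pairs, errors

# Constructed sample: Request-Reply followed by Set-Ack, as in the thread.
SAME_ID = [(0x1A2B, "Request"), (0x1A2B, "Reply"),
           (0x1A2B, "Set"), (0x1A2B, "Acknowledge")]
# Constructed sample: the Set-Ack pair was given a fresh message ID.
NEW_ID = [(0x1A2B, "Request"), (0x1A2B, "Reply"),
          (0x3C4D, "Set"), (0x3C4D, "Acknowledge")]
```

Both samples contain two valid configuration transactions; only the first satisfies the XAUTH same-ID requirement.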