
RE: XAUTH?



Hi Greg,

	I guess there is some ambiguity. The text in the next rev. 
will be clarified.

In section 3, the following text

   All ISAKMP-Config messages in an extended authentication
   transaction MUST contain the same ISAKMP-Config message ID.

will be changed to

   An extended authentication transaction is defined as a series of
   ISAKMP-Config messages.

   All ISAKMP-Config messages in an extended authentication transaction
   MUST contain the same ISAKMP-Config Identifier as well as the same 
   ISAKMP Message ID and continue to chain the IV for all messages in 
   the transaction.

Does this clarify things?

Stephane.
<-----Original Message-----
<From: Andrew Krywaniuk [mailto:akrywaniuk@TimeStep.com]
<Sent: Wednesday, July 14, 1999 4:40 PM
<To: Greg Carter; 'ipsec@lists.tislabs.com'
<Subject: RE: XAUTH?
<
<
<It seems that we have a keyword overloading problem here, as the word
<transaction is used in two different contexts:
<
<A "configuration transaction" is a pair of messages wherein a set of
<attributes is proposed (message 1) and then these attributes are either
<accepted or rejected (message 2).
<
<An "XAuth transaction" is a series of ISAKMP-Config messages which leads to
<the user being accepted or rejected.
<
<Once you resolve the meaning of the word "transaction," I don't think it's
<implied that each configuration transaction has to have a different message
<id. The XAUTH draft is correct in stating (indirectly) that the message id
<has to remain the same across multiple configuration transactions.
<
<Andrew
<_______________________________________________
< Beauty without truth is insubstantial.
< Truth without beauty is unbearable.
<
<
<> -----Original Message-----
<> From: Greg Carter [mailto:greg.carter@entrust.com]
<> Sent: Wednesday, July 14, 1999 2:09 PM
<> To: 'ipsec@lists.tislabs.com'
<> Subject: XAUTH?
<> 
<> 
<> Hi,
<> 
<> Config Mode states:
<> 
<>    "A "Configuration Transaction" is defined as two configuration
<>    exchanges, the first being either a Set or a Request and the second
<>    being either an Acknowledge or a Reply, respectively.
<> 
<> ...
<>    Transactions are completed once the Reply or Acknowledge code is
<>    received."
<> 
<> To me this means that the message ID is unique for the transaction,
<> either a Set-Ack or Request-Reply pair.
<> 
<> However XAUTH states:
<> All ISAKMP-Config messages in an extended authentication
<>    transaction MUST contain the same ISAKMP-Config message ID.
<> 
<> And gives examples where a Request-Reply is followed by a Set-Ack and is
<> referred to as a "transaction".
<> 
<> Are the message IDs unique for the Request-Reply and Set-Ack in XAUTH or
<> are they the same?
<> 
<> 
<> 
<> 
<> 
<
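
The rule in the revised section 3 text quoted above, written as a receiver-side check. This is an added example, not part of the thread or of either draft: the class and function names, the symbolic type names and the sample values are assumptions, messages are taken as already decrypted and decoded, and IV chaining is not modelled.

```python
from dataclasses import dataclass
from enum import Enum

class CfgType(Enum):
    # Symbolic names only; these are not wire values.
    REQUEST = "Request"
    REPLY = "Reply"
    SET = "Set"
    ACK = "Acknowledge"

# A configuration transaction is an opening message plus its answer.
ANSWER_FOR = {CfgType.REQUEST: CfgType.REPLY, CfgType.SET: CfgType.ACK}

@dataclass(frozen=True)
class CfgMessage:
    message_id: int    # ISAKMP Message ID
    identifier: int    # ISAKMP-Config Identifier
    cfg_type: CfgType

def check_xauth_transaction(messages):
    """Return the violations found in one XAUTH transaction (empty list = OK)."""
    if not messages:
        return ["empty transaction"]
    first, problems, pending = messages[0], [], None
    for i, msg in enumerate(messages):
        if msg.message_id != first.message_id:
            problems.append(f"message {i}: Message ID changed")
        if msg.identifier != first.identifier:
            problems.append(f"message {i}: Identifier changed")
        if pending is None and msg.cfg_type in ANSWER_FOR:
            pending = ANSWER_FOR[msg.cfg_type]   # opener: remember expected answer
        else:
            if msg.cfg_type is not pending:
                problems.append(f"message {i}: unexpected {msg.cfg_type.value}")
            pending = None                        # pair closed (or broken)
    if pending is not None:
        problems.append(f"transaction ends waiting for {pending.value}")
    return problems

# Constructed sample: Request-Reply followed by Set-Ack under one Message ID.
GOOD = [CfgMessage(0x1A2B3C4D, 7, t) for t in
        (CfgType.REQUEST, CfgType.REPLY, CfgType.SET, CfgType.ACK)]
# Constructed sample: the Set-Ack pair switches to a fresh Message ID.
BAD = GOOD[:2] + [CfgMessage(0x5E6F7081, 7, t) for t in (CfgType.SET, CfgType.ACK)]

if __name__ == "__main__":
    print(check_xauth_transaction(GOOD), check_xauth_transaction(BAD))
```

GOOD is the Request-Reply then Set-Ack flow from the original question with one Message ID throughout; BAD is the same flow under the other reading, where each configuration transaction gets its own Message ID.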