RE: XAUTH?
Hi Greg,

I guess there is some ambiguity. The text in the next rev.
will be clarified.

In section 3, the following text

   All ISAKMP-Config messages in an extended authentication
   transaction MUST contain the same ISAKMP-Config message ID.

will be changed to

   An extended authentication transaction is defined as a series
   of ISAKMP-Config messages.
   All ISAKMP-Config messages in an extended authentication transaction
   MUST contain the same ISAKMP-Config Identifier as well as the same
   ISAKMP Message ID and continue to chain the IV for all messages in
   the transaction.

Does this clarify things?

Stephane.

<-----Original Message-----
<From: Andrew Krywaniuk [mailto:akrywaniuk@TimeStep.com]
<Sent: Wednesday, July 14, 1999 4:40 PM
<To: Greg Carter; 'ipsec@lists.tislabs.com'
<Subject: RE: XAUTH?
<
<
<It seems that we have a keyword overloading problem here, as the word
<transaction is used in two different contexts:
<
<A "configuration transaction" is a pair of messages wherein a set of
<attributes is proposed (message 1) and then these attributes are either
<accepted or rejected (message 2).
<
<An "XAuth transaction" is a series of ISAKMP-Config messages which leads
<to the user being accepted or rejected.
<
<Once you resolve the meaning of the word "transaction," I don't think it's
<implied that each configuration transaction has to have a different message
<id. The XAUTH draft is correct in stating (indirectly) that the message id
<has to remain the same across multiple configuration transactions.
<
<Andrew
<_______________________________________________
< Beauty without truth is insubstantial.
< Truth without beauty is unbearable.
<
<
<> -----Original Message-----
<> From: Greg Carter [mailto:greg.carter@entrust.com]
<> Sent: Wednesday, July 14, 1999 2:09 PM
<> To: 'ipsec@lists.tislabs.com'
<> Subject: XAUTH?
<>
<>
<> Hi,
<>
<> Config Mode states:
<>
<> "A "Configuration Transaction" is defined as two configuration
<> exchanges, the first being either a Set or a Request and the second
<> being either an Acknowledge or a Reply, respectively.
<>
<> ...
<> Transactions are completed once the Reply or Acknowledge code is
<> received."
<>
<> To me this means that the message ID is unique for the transaction,
<> either a Set-Ack or Request-Reply pair.
<>
<> However XAUTH states:
<> All ISAKMP-Config messages in an extended authentication
<> transaction MUST contain the same ISAKMP-Config message ID.
<>
<> And gives examples where a Request-Reply is followed by a Set-Ack and is
<> referred to as a "transaction".
<>
<> Are the message IDs unique for the Request-Reply and Set-Ack in XAUTH or
<> are they the same?
<
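
The rule in the revised section 3 text quoted at the top of this message, written as a conformance check. This is an added example, not part of the original e-mails or of the XAUTH draft. The CfgMsg record, the numeric payload type values and the sample headers are assumptions constructed for illustration, and IV chaining is not checked because that needs the Phase 1 keys.

```python
import struct
from typing import List, NamedTuple

# ISAKMP header (RFC 2408): two 8-byte cookies, next payload, version,
# exchange type, flags, Message ID, length. It is not encrypted.
ISAKMP_HDR = struct.Struct(">8s8sBBBBII")
# Attribute payload types as named in the thread (numeric values assumed here).
REQUEST, REPLY, SET, ACK = 1, 2, 3, 4
ANSWER_FOR = {REQUEST: REPLY, SET: ACK}

class CfgMsg(NamedTuple):       # hypothetical record, not a draft structure
    header: bytes               # raw 28-byte ISAKMP header
    cfg_type: int               # from the decrypted attribute payload
    identifier: int             # ISAKMP-Config Identifier, same payload

def message_id(header: bytes) -> int:
    return ISAKMP_HDR.unpack(header[:ISAKMP_HDR.size])[6]

def check_xauth_transaction(msgs: List[CfgMsg]) -> List[str]:
    """Return rule violations; an empty list means the series complies."""
    if not msgs:
        return ["empty transaction"]
    mid0, ident0 = message_id(msgs[0].header), msgs[0].identifier
    problems, expected = [], None
    for n, m in enumerate(msgs, 1):
        if message_id(m.header) != mid0:
            problems.append(f"message {n}: ISAKMP Message ID changed")
        if m.identifier != ident0:
            problems.append(f"message {n}: ISAKMP-Config Identifier changed")
        if expected is None:                 # opening a Set or Request
            expected = ANSWER_FOR.get(m.cfg_type)
            if expected is None:
                problems.append(f"message {n}: Reply/Ack with no Request/Set")
        else:                                # closing Ack or Reply
            if m.cfg_type != expected:
                problems.append(f"message {n}: wrong answer type")
            expected = None
    if expected is not None:
        problems.append("last configuration transaction has no Reply/Ack")
    return problems

def hdr(mid: int) -> bytes:     # constructed header; cookies are dummies
    return ISAKMP_HDR.pack(b"I" * 8, b"R" * 8, 8, 0x10, 6, 0x01, mid, 28)

# Constructed sample: Request-Reply followed by Set-Ack, as in the XAUTH examples.
GOOD = [CfgMsg(hdr(0x1234ABCD), t, 7) for t in (REQUEST, REPLY, SET, ACK)]
# Same series, but the Set-Ack pair was given a fresh Message ID.
BAD = GOOD[:2] + [CfgMsg(hdr(0x99), t, 7) for t in (SET, ACK)]
```

GOOD passes with no findings. BAD is the reading Greg asked about, a unique Message ID per Set-Ack or Request-Reply pair, and it is flagged on messages 3 and 4.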