
RE: XAUTH is broken



I think this is definitely the best way to proceed.  It should have minimum
impact on those already having implemented / deployed XAUTH, and results in
a cleaner state machine for those who are just implementing it now.  

Before we make any changes to the doc, though, I want to make sure that
everyone is in agreement.

Are there any objections?

> -----Original Message-----
> From: Joern Sierwald [mailto:joern.sierwald@datafellows.com]
> Sent: Friday, July 23, 1999 9:31 AM
> To: ipsec@lists.tislabs.com; tjenkins@TimeStep.com
> Subject: RE: XAUTH is broken
> 
> 
> Conclusion:
> 
> Best way is a new exchange. It will work exactly as specified in
> the xauth draft, except the exchange number in the ISAKMP headers will
> be a new XAUTH number instead of cfg-mode.
> 
> A clarification: XAUTH ends with a SET and an ACK type packet. 
> SET and ACK are used only at the end of the exchange. 
> This way, the XAUTH exchange is not "open-ended",
> it is just "variable length".
> 
> As I am ignorant of the procedures... Who picks the number?
> 
> Jörn
> 
> 
> 
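
Added example (not part of either message above, and not code from the XAUTH draft): a receiver-side check that an exchange is "variable length" but not "open-ended", i.e. SET and ACK appear only as the final two packets. The REQUEST/REPLY pairing of the body and the MAX_ROUNDS cap are assumptions of this sketch.

```python
# Added example: checks the shape of an XAUTH exchange as described above.
# Message type names are from the thread; the REQUEST/REPLY pairing and
# MAX_ROUNDS are assumptions of this sketch, not values from the draft.
MAX_ROUNDS = 5  # assumed local policy cap on authentication rounds


def check_xauth_exchange(messages, max_rounds=MAX_ROUNDS):
    """Return (ok, reason) for an ordered list of message type names."""
    state = "BODY"  # BODY -> WAIT_REPLY -> BODY ... -> WAIT_ACK -> DONE
    rounds = 0
    for i, msg in enumerate(messages):
        if state == "DONE":
            return False, f"message {i} ({msg}) after the final ACK"
        if state == "BODY":
            if msg == "REQUEST":
                rounds += 1
                if rounds > max_rounds:
                    return False, f"more than {max_rounds} rounds"
                state = "WAIT_REPLY"
            elif msg == "SET" and rounds > 0:
                state = "WAIT_ACK"  # SET is only legal as the closer
            else:
                return False, f"unexpected {msg} at message {i}"
        elif state == "WAIT_REPLY":
            if msg != "REPLY":
                return False, f"expected REPLY, got {msg} at message {i}"
            state = "BODY"
        elif state == "WAIT_ACK":
            if msg != "ACK":
                return False, f"expected ACK, got {msg} at message {i}"
            state = "DONE"
    if state != "DONE":
        return False, "exchange not terminated by SET/ACK"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample sequences, not captured traffic.
    samples = [
        ["REQUEST", "REPLY", "SET", "ACK"],
        ["REQUEST", "REPLY", "REQUEST", "REPLY", "SET", "ACK"],
        ["REQUEST", "REPLY", "REQUEST", "REPLY"],
        ["REQUEST", "REPLY", "SET", "ACK", "REQUEST"],
    ]
    for s in samples:
        print(check_xauth_exchange(s), s)
```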