
RE: reliable notify question



Also, MUST the message_id in the responder's ACK be the same as the
message_id in the initiator's N/D, or MUST the message_ids be different?

I'd argue for the former, since it will allow easier lookups, and I doubt
there are any security issues with the duplicate mess_id.

bs

-----Original Message-----
From: Brian Swander (Exchange) 
Sent: Monday, October 04, 1999 10:11 AM
To: 'Dan Harkins'
Cc: ipsec@lists.tislabs.com
Subject: reliable notify question


Pardon me if this has been asked before.

In section 6.4.2 of the new IKE draft on reliable notifies, it says we need
to use the initiator and responder nonces in constructing the messages.

        Initiator                        Responder
      -----------                      -----------
       HDR*, HASH(1), Ni, N/D  -->
                               <--      HDR*, HASH(2), Nr, N/D

First, are these values the nonces that were already exchanged, or are they
newly generated for each reliable notify?  I presume the former.

If I am right so far, which nonce do we use, the MM nonces, or the QM
nonces?  I assume that we always use the MM nonce, since notifies are only
really bound to the MM, and not to any particular QM.

Is this correct?  

bs
