[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: reliable notify question
They have to be the same, just like all the other exchanges. Otherwise
there would be no way to distinguish a response to your notify from a
newly initiated notify from the peer.
Dan.
On Mon, 04 Oct 1999 13:11:23 PDT you wrote
> Also, MUST the message_id in the responders ACK be the same as the
> message_id in the initiator's N/D, or MUST the message_ids be different?
>
> I'd argue for the former, since it will allow easier lookups, and I doubt
> there are any security issues with the duplicate mess_id.
>
> bs
>
> -----Original Message-----
> From: Brian Swander (Exchange)
> Sent: Monday, October 04, 1999 10:11 AM
> To: 'Dan Harkins'
> Cc: ipsec@lists.tislabs.com
> Subject: reliable notify question
>
>
> Pardon me if this has been asked before.
>
> In section 6.4.2 of the new IKE draft on reliable notifies, it says we need
> to use the initiator and responder nonces in constructing the messages.
>
> Initiator Responder
> ----------- -----------
> HDR*, HASH(1), Ni, N/D -->
> <-- HDR*, HASH(2), Nr, N/D
>
> First, are these values the nonces that were already exchanged, or are they
> newly generated for each reliable notify? I presume the former.
>
> If I am right so far, which nonce do we use, the MM nonces, or the QM
> nonces? I assume that we always use the MM nonce, since notifies are only
> really bound to the MM, and not to any particular QM.
>
> Is this correct?
>
> bs
>
>
References: