Re: problems with draft-jenkins-ipsec-rekeying-06.txt
On Thu, 13 Jul 2000 12:38:56 EDT you wrote
>
> But another part, 5.7 "ISAKMP Informational Exchanges" says:
>
> As noted the message ID in the ISAKMP header-- and used in the prf
> computation-- is unique to this exchange and MUST NOT be the same as
> the message ID of another phase 2 exchange which generated this
> informational exchange.
>
> This does not qualify "unique" in any way. It does clearly use the
> admonition "MUST NOT".

It also says "...which generated this informational exchange" which is
really poor wording. 1000 pardons. But the message ID of the phase 2
exchange is not the same as the message ID of the Informational Exchange.
You MUST NOT use a message ID of a currently active phase 2 exchange
(e.g. Quick Mode) and send an Informational Exchange on it. But it doesn't
say you have to keep track of every single message ID used by a single
IKE SA.
Dan.
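
The reading given in the reply above, sketched as an added example that is not part of the original message or of any IKE implementation: an IKE SA remembers only the message IDs of phase 2 exchanges still in progress, and an Informational Exchange must avoid those. The class and method names are hypothetical; the code assumes 32-bit ISAKMP message IDs with 0 reserved for phase 1.

```python
import secrets


class IkeSaMessageIds:
    """Message ID bookkeeping for one IKE SA (hypothetical helper).

    Only exchanges that are still in progress are tracked; no history of
    every ID ever used on the SA is kept.
    """

    def __init__(self, rng=None):
        # rng is injectable so the collision path can be exercised
        # deterministically; by default IDs are random 32-bit values.
        self._rng = rng or (lambda: secrets.randbits(32))
        self._active = {}  # message ID -> kind of exchange in progress

    def _fresh_id(self):
        while True:
            mid = self._rng()
            # 0 is the phase 1 message ID; IDs in _active belong to
            # phase 2 exchanges (e.g. Quick Mode) that have not finished.
            if mid != 0 and mid not in self._active:
                return mid

    def start_exchange(self, kind):
        """Begin a multi-message phase 2 exchange and reserve its ID."""
        mid = self._fresh_id()
        self._active[mid] = kind
        return mid

    def finish_exchange(self, mid):
        """Exchange completed or was abandoned: stop tracking its ID."""
        self._active.pop(mid, None)

    def informational_id(self):
        """ID for a one-shot Informational Exchange; nothing is stored."""
        return self._fresh_id()

    def accept_informational(self, mid):
        """Receiver check: refuse an Informational that arrives on the
        message ID of a currently active phase 2 exchange."""
        return mid != 0 and mid not in self._active
```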