
Re: problems with draft-jenkins-ipsec-rekeying-06.txt



On Thu, 13 Jul 2000 12:38:56 EDT you wrote
> 
> But another part, 5.7 "ISAKMP Informational Exchanges" says:
> 
>    As noted the message ID in the ISAKMP header-- and used in the prf
>    computation-- is unique to this exchange and MUST NOT be the same as
>    the message ID of another phase 2 exchange which generated this
>    informational exchange.
> 
> This does not qualify "unique" in any way.  It does clearly use the
> admonition "MUST NOT".

It also says "...which generated this informational exchange" which is
really poor wording. 1000 pardons. But the message ID of the phase 2
exchange is not the same as the message ID of the Informational Exchange.

You MUST NOT use a message ID of a currently active phase 2 exchange 
(e.g. Quick Mode) and send an Informational Exchange on it. But it doesn't
say you have to keep track of every single message ID used by a single
IKE SA.

  Dan.
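Added example, not part of the original message or of the draft: a minimal sketch of the bookkeeping this reading implies, where an IKE SA remembers only the message IDs of phase 2 exchanges that are still in progress and picks Informational Exchange message IDs that avoid them. The class and method names are hypothetical, and the receiver-side check is an assumption about how an implementation might enforce the rule.

```python
import secrets


class IkeSaMessageIds:
    """Message ID bookkeeping for one IKE SA (hypothetical helper)."""

    def __init__(self, rng=secrets.randbits):
        self._rng = rng        # injectable so the behaviour can be tested
        self.active = set()    # message IDs of phase 2 exchanges in progress

    def _fresh(self):
        # Draw random 32-bit values until one is usable. 0 is skipped
        # because ISAKMP uses message ID 0 for phase 1 (RFC 2408).
        while True:
            mid = self._rng(32)
            if mid != 0 and mid not in self.active:
                return mid

    def start_phase2(self):
        """Allocate a message ID for a new Quick Mode and mark it active."""
        mid = self._fresh()
        self.active.add(mid)
        return mid

    def finish_phase2(self, mid):
        """Quick Mode completed or was abandoned: forget its message ID."""
        self.active.discard(mid)

    def new_informational(self):
        """Message ID for an outgoing Informational Exchange.

        It must differ from every active phase 2 message ID. It is not
        stored afterwards: no history of used IDs is kept.
        """
        return self._fresh()

    def accept_informational(self, mid):
        """Assumed receiver check: an Informational Exchange must not
        arrive on the message ID of an active phase 2 exchange."""
        return mid not in self.active


if __name__ == "__main__":
    sa = IkeSaMessageIds()
    qm = sa.start_phase2()
    info = sa.new_informational()
    print(f"quick mode {qm:#010x}, informational {info:#010x}")
```
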

