
Question about the ISAKMP Notification Payload



Hi,

Does anyone know why an SPI for ISAKMP (the cookie pair) MUST be ignored when it appears in a Notification Payload?

Well, I understand the cookie pair at the beginning *may* be enough, but I do not understand why it MUST be ignored if present in the payload. That is, what is the associated risk? (What's the story behind it?)


--8<---- RFC 2408 - 3.14 - excerpt ---
       SPI Size (1 octet) - Length in octets of the SPI as defined by
       the Protocol-Id.  In the case of ISAKMP, the Initiator and
       Responder cookie pair from the ISAKMP Header is the ISAKMP SPI,
       therefore, the SPI Size is irrelevant and MAY be from zero (0) to
       sixteen (16).  If the SPI Size is non-zero, the content of the
       SPI field MUST be ignored.  The Domain of Interpretation (DOI)
       will dictate the SPI Size for other protocols.
--8<----

thank you,

	frederic detienne
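
A receiver-side parse of the Notification Payload that applies the rule quoted from RFC 2408 section 3.14, as an added example that is not part of the original message: for ISAKMP the SPI field is length-checked and skipped, and the cookie pair from the ISAKMP Header is used as the SPI. The function names, the value 1 for the ISAKMP Protocol-Id (taken from the IPsec DOI, RFC 2407), the choice to reject an SPI Size above 16, and the sample bytes are assumptions of this example.

```python
import struct

PROTO_ISAKMP = 1  # assumption: Protocol-Id value from the IPsec DOI (RFC 2407)
# Generic header (4) + DOI (4) + Protocol-Id (1) + SPI Size (1) + Notify Type (2)
FIXED_LEN = 12


def parse_notification(payload: bytes, header_cookies: bytes) -> dict:
    """Parse one Notification Payload (RFC 2408, 3.14).

    header_cookies is the 16-octet Initiator+Responder cookie pair from the
    ISAKMP Header of the message that carried this payload.
    """
    if len(header_cookies) != 16:
        raise ValueError("cookie pair must be 16 octets")
    if len(payload) < FIXED_LEN:
        raise ValueError("truncated Notification Payload")
    next_payload, _reserved, length, doi, proto, spi_size, ntype = struct.unpack(
        "!BBHIBBH", payload[:FIXED_LEN])
    if length < FIXED_LEN or length > len(payload):
        raise ValueError("bad Payload Length")
    if FIXED_LEN + spi_size > length:
        raise ValueError("SPI Size overruns the payload")
    spi_field = payload[FIXED_LEN:FIXED_LEN + spi_size]
    if proto == PROTO_ISAKMP:
        if spi_size > 16:  # this example's choice: enforce the 0..16 range
            raise ValueError("ISAKMP SPI Size must be 0..16")
        # The field is only skipped over: never compared, never used for lookup.
        spi = header_cookies
    else:
        spi = spi_field  # other protocols: size and meaning come from the DOI
    return {"next_payload": next_payload, "doi": doi, "protocol_id": proto,
            "notify_type": ntype, "spi": spi,
            "data": payload[FIXED_LEN + spi_size:length]}


def build(proto: int, spi: bytes, ntype: int, data: bytes = b"", doi: int = 1) -> bytes:
    """Build a constructed sample payload for the demonstration below."""
    length = FIXED_LEN + len(spi) + len(data)
    return struct.pack("!BBHIBBH", 0, 0, length, doi, proto, len(spi), ntype) + spi + data


def demo() -> bool:
    cookies = bytes(range(16))  # constructed cookie pair
    empty = parse_notification(build(PROTO_ISAKMP, b"", 14, b"abc"), cookies)
    filled = parse_notification(build(PROTO_ISAKMP, b"\xff" * 16, 14, b"abc"), cookies)
    # Same result whether the sender left the SPI field empty or filled it.
    return empty == filled and filled["spi"] == cookies
```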

