Re: IPSec SA's contents

[Gwangsoo Rhee <rhee@sookmyung.ac.kr>]

SA in the first message can contain multiple proposals
as suggestions for IPsec SA. SA in the second message
is a single proposal selected by the responder.

Items in a proposal may include:
- protocol: ESP or AH
- Encr algo
- Auth algo
- Hash Algo
- encapsulation mode: tunnel or transport
- DH group #
- SA lifetime (in seconds and/or in KBs)
- etc.

I hope this helps.

Masafumi Tsuruta wrote:

> Hi.
>
> I have a question about IPSec SA. Please give me any suggestion if you don't
> worry.
>
> In Phase 2, Quickmode, according to RFC 2409 <5.5 Phase 2 - Quick Mode> an
> ascii art explains how works quickmode as below.
>
> -----------------------begin-----------------------------------
> Initiator                             |            Responder
> HDR*, HASH (1), SA, Ni,
>         [, KE] [, IDci, IDcr] -->
>                                       <--   HDR*, HASH (2), SA, Nr
>                                             [, KE] [, IDci, IDcr]
> HDR*, HASH (3)                 -->
> -----------------------end-------------------------------------
>
> In this figure, I can't understand what is in the "SA". Some components (ex.
> Nonce payload) are part from "SA", so I can't understand "SA" contents.
>
> Please tell me the contents of "SA". Thank you.
>
> Masafumi Tsuruta
> tsuruta@insi.co.jp

--

---------------------------------------
Gwangsoo Rhee <rhee@sookmyung.ac.kr>
tel: +82-2-710-9429  fax: 710-9296
HP: 011-9691-9541
---------------------------------------

---

References:

• IPSec SA's contents
• From: "Masafumi Tsuruta" <tsuruta@insi.co.jp>

---

• Prev by Date: test
• Next by Date: RE: Status of ID: IPsec Flow Monitoring MIB
• Prev by thread: IPSec SA's contents
• Next by thread: CBC makes Implementations too Slow.
• Index(es):
  • Main
  • Thread