Flag Field of ISAKMP header

["Masafumi Tsuruta" <tsuruta@insi.co.jp>]

Hi all.
I 'm Japanese and not good at English. Sorry.

I have some questions about Flags field of ISAKMP header. In ISAKMP header,
we have 3 bit-fields, "Encryption Bit" "Commit Bit" "Authentication Only
Bit".

In the case of Commit Bit, a merit we receive is at least one point I think.

1) It is used to ensure that encrypted material is not received prior to
completion of the SA establishment.

That is , in short, the merit is notifying the finishing of receipt all
payload before making complete SA establishment. But in the case of not to
use Commit Bit, I think the negotiation will be running smoothly because of
Commit Bit is optional flag. In RFC 2408 section 3.1 means Commit Bit
setting is either will do (i.e. that is optional).

However Commit Bit is in the Flag field, actually. So it must be clearly
merits of the existance, which is not the above.

So please tell me another merits of Commit Bit existence.

And also in the Authentication Only Bit case, what are the merits we set the
Authentication Only Bit for non-encrypted payload send? In addition, I don't
know Emergency Mode, too. What is this mode? Please give me any suggestion
or comments about these points(such as URLs, RFCs).

At last, If someone knows about security related problems (or solution)
about these Commit Bit, Authentication Only Bit, and all over Flag field.
Please tell me.

Thank you very much.

Masafumi Tsuruta
tsuruta@insi.co.jp

---

• Prev by Date: RE: IKE encryption in aggressive mode
• Next by Date: RE: NAT traversal documents: are we close to done?
• Prev by thread: RE: IKE encryption in aggressive mode
• Next by thread: RE: NAT traversal documents: are we close to done?
• Index(es):
  • Main
  • Thread