Reason of the Authentication Only Bit

Hi.

According to some previous messages, I understood that the reason the Authentication
Only Bit was made was "Key Recovery". But I can't understand why the Authentication
Only Bit is useful for Key Recovery.

The Japanese translation of the book "IPSec: The New Security Standard for the
Internet, Intranets, and Virtual Private Networks" by Naganand Doraswamy and
Dan Harkins says the following in the section "Other IKE Exchanges":

	Informational Exchange messages don't need an ACK answer from the other entity,
so once the Initiator/Responder has sent an Informational Exchange message, the ISAKMP SA
doesn't need to hold information such as SKEYID_d or SKEYID_a. So the
ISAKMP SA clears this information.

According to this description, I think any information that is not
concerned with the Informational Exchange message remains in the
ISAKMP SA. Is that correct? If my understanding of this is correct, is
the reason for the Authentication Only Bit's existence key recovery?

I can't check the exact contents of the authors' book described
above, because I don't have the original English book. However, if these reasons
are correct, what are the grounds for these arguments? If someone knows
such information, please tell me the URL.

Thank you and sorry for my broken English.

Masafumi Tsuruta
tsuruta@insi.co.jp

--------------------------------------
International Network Security Inc.
3rd Yamada Building, 22 Aizumi-cho,
Shinjuku, Tokyo, JAPAN
Dept of Tech
Masafumi Tsuruta
http://www.insi.co.jp
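The bit the post asks about is one of three flag bits in the fixed ISAKMP header. As an added example (not from the post or the book), here is a small Python decoder for that header, with the field layout and flag positions taken from RFC 2408, plus a receive-side check that accepts the Authentication Only bit only on an unencrypted Informational Exchange; the cookies and Message ID are constructed values.

```python
import struct

# Fixed ISAKMP header, 28 bytes, network byte order (layout per RFC 2408, section 3.1).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")

# Flags field bit positions (RFC 2408, section 3.1).
FLAG_ENCRYPTION = 0x01  # bit 0: payloads after the header are encrypted
FLAG_COMMIT = 0x02      # bit 1: Commit bit
FLAG_AUTH_ONLY = 0x04   # bit 2: Authentication Only bit (integrity, no encryption)
EXCHANGE_INFORMATIONAL = 5  # exchange type used with Notify/Delete payloads

def parse_isakmp_header(data: bytes) -> dict:
    """Decode the fixed ISAKMP header into named fields."""
    if len(data) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, next_payload, ver, exch, flags, msg_id, length = ISAKMP_HDR.unpack_from(data)
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "next_payload": next_payload,
        "version": (ver >> 4, ver & 0x0F),
        "exchange_type": exch,
        "encrypted": bool(flags & FLAG_ENCRYPTION),
        "commit": bool(flags & FLAG_COMMIT),
        "auth_only": bool(flags & FLAG_AUTH_ONLY),
        "message_id": msg_id,
        "length": length,
    }

def auth_only_violations(hdr: dict) -> list:
    """Receive-side checks for a header carrying the Authentication Only bit: the bit is
    meant for Informational Exchanges that are integrity-protected but not encrypted."""
    problems = []
    if not hdr["auth_only"]:
        return problems
    if hdr["exchange_type"] != EXCHANGE_INFORMATIONAL:
        problems.append("Authentication Only set outside an Informational Exchange")
    if hdr["encrypted"]:
        problems.append("Authentication Only and Encryption bits set together")
    return problems

# Constructed sample headers (cookies and Message ID are made-up values).
COOKIES = (bytes.fromhex("0102030405060708"), bytes.fromhex("1112131415161718"))
# Phase 2 Informational Exchange, next payload 8 (HASH), Authentication Only set.
SAMPLE_AUTH_ONLY = ISAKMP_HDR.pack(*COOKIES, 8, 0x10, EXCHANGE_INFORMATIONAL, FLAG_AUTH_ONLY, 0x1234, 28)
# Same header with the Encryption bit also set, which the check should reject.
SAMPLE_BAD_FLAGS = ISAKMP_HDR.pack(*COOKIES, 8, 0x10, EXCHANGE_INFORMATIONAL, FLAG_AUTH_ONLY | FLAG_ENCRYPTION, 0x1234, 28)
```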