
IKE header



Section 5.1 of draft-ietf-ipsec-ikev2-03.txt
describes the IKE header states

- Recipient SPI MUST be zero for the first packet
of IKE_SA_init and MUST NOT be zero for any other
packet

- Sender SPI MUST NOT be zero.

    What about a node that is receiving packets
    with unknown SPIs? If it has no IKE-SA then
    what values would it place in the Recipient 
    and Sender SPI fields of an unprotected 
    informational containing a Notify payload?

- Flags (bit 3) MUST be set in messages sent by the 
original initiator of the IKE-SA and MUST be cleared
in messages sent by the original responder.

    Should "messages" be "requests" in the above
    statement? And MUST a response contain the value
    that was received in the request?

The terms "original initiator" and "original responder"
are seen throughout the document without having been
defined. Is it safe to assume that they are referring
to the role that a node played during the establishment
of the original IKE-SA? Would these change if the original
responder initiated a rekey of the IKE-SA?

David