[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

the encrypted payload in IKEv2-05

To: ipsec@lists.tislabs.com
Subject: the encrypted payload in IKEv2-05
From: Dan Harkins <dharkins@trpz.com>
Date: Fri, 28 Feb 2003 09:18:55 -0800
Sender: owner-ipsec@lists.tislabs.com

  Parsing IKEv2 messages is straightforward because if you're at
the current payload, curr, the next payload is at curr + curr->length
and the type of that payload will be curr->next_payload. And all the
payloads have the same generic format so parsing is easy.

  Except for the Encrypted Payload. It's "next payload" is, in fact,
the first interior payload. So this is alot like the clumsy IKEv1
construction of SA, proposal and transform. This is the sort of stuff
we were supposed to get rid of in IKEv2.

  It's an exception to an otherwise nice and clean rule. And that
makes for bad code.

  I missed when this got added but I recommend it be removed and we
go back to the way it used to be-- IV is part of the IKE Header iff
the rest of the message is encrypted, and there is a "trailer" appended
which includes the padding, pad length, and auth data.

  thanks,

    Dan.

Follow-Ups:
- Re: the encrypted payload in IKEv2-05
  - From: "jpickering@creeksidenet.com" <jpickering@creeksidenet.com>
- Re: the encrypted payload in IKEv2-05
  - From: Lakshminath Dondeti <ldondeti@nortelnetworks.com>

Prev by Date: "Me Tarzan, You Jane" in IKEv2-05
Next by Date: suites vs. a la carte and IPcomp in IKEv2-05
Prev by thread: Re: "Me Tarzan, You Jane" in IKEv2-05
Next by thread: Re: the encrypted payload in IKEv2-05
Index(es):
- Date
- Thread