Re: the encrypted payload in IKEv2-05



The Encrypted Payload is somewhat confusing.  The Integrity Checksum 
Data is part of this Payload, but the computation includes the IKEv2 
Header as well.

Dan's suggestion (I believe that was the case in -02- or -03-) sounds 
better.

regards,
Lakshminath

PS:  Let us not use 'auth data' (means something else in IKEv2) while 
referring to Integrity Checksum Data :-).  How about ICD or maybe ICV?



Dan Harkins wrote:
<deleted text>
>   I missed when this got added but I recommend it be removed and we
> go back to the way it used to be-- IV is part of the IKE Header iff
> the rest of the message is encrypted, and there is a "trailer" appended
> which includes the padding, pad length, and auth data.
> 
>   thanks,
> 
>     Dan.
> 
>
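The point raised in this thread, as an added example that is not part of either message: the checksum sits at the end of the Encrypted Payload, yet it is computed over the IKE header as well, so a receiver that only authenticated the payload would miss header tampering. The sketch assumes the field layout and type numbers of the later RFC 7296 (not necessarily draft -05) and HMAC-SHA1-96 as the integrity transform; the ciphertext is opaque constructed bytes, and all function names and values are hypothetical.

```python
import hashlib
import hmac
import struct

# All keys, SPIs and payload bytes below are constructed for illustration.
KEY = b"k" * 20
SPI_I, SPI_R = b"\x11" * 8, b"\x22" * 8
IV = b"\x33" * 16
CIPHERTEXT = b"\x44" * 32  # stands in for encrypted payloads + padding + pad length

IKE_HDR_LEN = 28   # SPIi, SPIr, next payload, version, exchange, flags, msg id, length
ICV_LEN = 12       # HMAC-SHA1-96 keeps the first 96 bits of the tag
SK_PAYLOAD = 46    # Encrypted payload type (RFC 7296)
IKE_AUTH = 35      # exchange type (RFC 7296)
ID_I = 35          # type of the first inner payload, carried in the SK header


def icv(key, covered):
    """Truncated HMAC over everything that precedes the checksum field."""
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def build_message(key, iv, ciphertext, message_id=1):
    sk_len = 4 + len(iv) + len(ciphertext) + ICV_LEN
    header = struct.pack("!8s8sBBBBII", SPI_I, SPI_R, SK_PAYLOAD, 0x20,
                         IKE_AUTH, 0x08, message_id, IKE_HDR_LEN + sk_len)
    sk_header = struct.pack("!BBH", ID_I, 0, sk_len)
    # Coverage starts at the first byte of the IKE header, not at the payload.
    covered = header + sk_header + iv + ciphertext
    return covered + icv(key, covered)


def verify_message(key, message):
    if len(message) < IKE_HDR_LEN + 4 + ICV_LEN:
        return False
    (declared,) = struct.unpack_from("!I", message, 24)
    if declared != len(message):
        return False
    covered, tag = message[:-ICV_LEN], message[-ICV_LEN:]
    return hmac.compare_digest(icv(key, covered), tag)


def flip_bit(message, offset):
    """Return a copy of the message with one bit changed at the given byte."""
    out = bytearray(message)
    out[offset] ^= 0x01
    return bytes(out)
```

Flipping a bit in the header (for example the exchange type at offset 18) fails verification exactly as a flipped ciphertext bit does, which is why the checksum cannot be described as covering the Encrypted Payload alone.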