[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: the encrypted payload in IKEv2-05
The Encrypted Payload is somewhat confusing. The Integrity Checksum
Data is part of this Payload, but the computation includes the IKEv2
Header as well.
Dan's suggestion (I believe that was the case in -02- or -03-) sounds
better.
regards,
Lakshminath
PS: Let us not use 'auth data' (means something else in IKEv2) while
referring to Integrity Checksum Data :-). How about ICD or may be ICV?
Dan Harkins wrote:
<deleted text>
> I missed when this got added but I recommend it be removed and we
> go back to the way it used to be-- IV is part of the IKE Header iff
> the rest of the message is encrypted, and there is a "trailer" appended
> which includes the padding, pad length, and auth data.
>
> thanks,
>
> Dan.
>
>