
IKEv2 cookie question




In the MSEC group, there has been a proposal to potentially add cookies
to the GSAKMP protocol.  Since IKE had already dealt with this issue I
looked into how you did cookies.  I am very intrigued by your use of
cookies, but in reading through the IKEv2 spec I have some questions.
Either I do not understand your syntax, something is missing, or there
is some mis-information.  Please help me clarify what is happening.

In Section 2.6 - Cookies, you give the dissection of your message structure
using cookies:

       Initiator                          Responder
       -----------                        -----------
       HDR(A,0), SAi1, KEi, Ni   -->

                                 <-- HDR(A,0), N(COOKIE_REQUIRED),
                                                   N(COOKIE)

       HDR(A,0), N(COOKIE), SAi1, KEi, Ni   -->


From this message I interpret that the responder sends the initiator a
message with two (2) notification payloads, cookie_required and cookie.
The initiator then rebuilds the initial message with the cookie received
from the responder in the notification cookie payload.

However, in Section 3.10.1 - Notify Message Types, you only have a value
for COOKIE and not for COOKIE_REQUIRED.  

All this leads me to believe that what you really meant to say is that
the responder sends a message with one (1) notification payload
containing the Cookie value.  The initiator takes this cookie value from
the notification payload and sends it back to the responder in the
rebuilt initial message.

So which definition is correct?  Is there any way to fix the spec to
clear up this ambiguity?  Thanx

UM
-- 
Uri Meth                            (410) 872 - 1515 x233 (voice)
SPARTA, Inc.                        (410) 872 - 8079      (fax)
7075 Samuel Morse Drive             umeth@sparta.com
Columbia, MD 21046
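The three-message flow the post quotes, modelled as added example code that is not part of the original message or of any IKEv2 implementation. It assumes the single-notification reading (one N(COOKIE) payload, echoed back verbatim) and a keyed-hash cookie over the initiator's nonce, source address and SPI under a responder secret; the message model, the cookie layout and the "under attack" switch are constructed here for illustration.

```python
import hmac
import hashlib
import os
from dataclasses import dataclass, field


@dataclass
class IkeSaInit:
    """Constructed model of an IKE_SA_INIT message: HDR(SPIi, 0) plus payloads."""
    spi_i: bytes
    nonce_i: bytes
    src_ip: str
    notifies: dict = field(default_factory=dict)  # e.g. {"COOKIE": b"..."}


class Responder:
    """Stateless responder: no per-initiator state until a valid cookie comes back."""

    def __init__(self, under_attack=True):
        self.secret_ver = 1                 # lets a cookie name which secret made it
        self.secret = os.urandom(32)        # rotated periodically in a real responder
        self.under_attack = under_attack    # cookies are only demanded under load
        self.half_open = {}                 # SPIi -> state, allocated only after the check

    def cookie_for(self, msg):
        # Assumed construction: version byte || HMAC(secret, Ni || IPi || SPIi), truncated.
        data = msg.nonce_i + msg.src_ip.encode() + msg.spi_i
        mac = hmac.new(self.secret, data, hashlib.sha256).digest()
        return bytes([self.secret_ver]) + mac[:16]

    def handle(self, msg):
        """('COOKIE', cookie) demands a retry; ('ACCEPT', SPIi) creates state; ('DROP', None) rejects."""
        cookie = msg.notifies.get("COOKIE")
        if cookie is None:
            if self.under_attack:
                # Reply is still HDR(A,0) with a single N(COOKIE); nothing is stored.
                return ("COOKIE", self.cookie_for(msg))
        elif not hmac.compare_digest(cookie, self.cookie_for(msg)):
            return ("DROP", None)           # forged, replayed from another address, or stale secret
        self.half_open[msg.spi_i] = {"nonce_i": msg.nonce_i}
        return ("ACCEPT", msg.spi_i)


def run_exchange(responder, first):
    """Drive the flow from the post: init -> N(COOKIE) -> init resent with N(COOKIE)."""
    kind, payload = responder.handle(first)
    if kind == "COOKIE":
        retry = IkeSaInit(first.spi_i, first.nonce_i, first.src_ip, {"COOKIE": payload})
        kind, payload = responder.handle(retry)
    return kind
```

The point to check is that `half_open` stays empty until the echoed cookie verifies, so an initiator that never answers the N(COOKIE) costs the responder nothing but one HMAC.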