[anonsec] question: ID payload in BTNS IKE negotiation

mcr at sandelman.ca (Michael Richardson) Sun, 13 May 2007 23:51 UTC

From: "mcr at sandelman.ca"
Date: Sun, 13 May 2007 19:51:50 -0400
Subject: [anonsec] question: ID payload in BTNS IKE negotiation
In-Reply-To: <20070513223149.66EE.SHINTA@sfc.wide.ad.jp>
References: <20070513223149.66EE.SHINTA@sfc.wide.ad.jp>
Message-ID: <f288am$gcp$1@sea.gmane.org>

Shinta Sugimoto wrote:
> In BTNS IKE negotiation, what should ID payload (IDi/IDr) be?
> I understand that public key is the instance which represents
> identity of the host in BTNS.  But reading the spec, I did not fully

To first order, it shouldn't matter; however, that will lead to
interoperability issues.

My suggestion is that it should be IPV4/IPV6_ID of the host.

> understand how IKE negotiation is done in particular usage of ID
> payload.  My interpretation of the spec is that an identity of
> a peer (=public key) is represented by the CERT payload.  If so,
> what is the role of ID payload in BTNS IKE negotiation?
> And what should be included in the IDi, IDr?

The ID payload tells you how to look up the policy in the PAD.
You will have to look into the PAD at least, to discover that you had no 
explicit policy for this peer, and that therefore, it should be put into
"BTNS" category.
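The PAD lookup with a BTNS fallback that the reply describes, written out as an added example (it is not code from this thread or from any BTNS implementation). The sample PAD contents, the field names and the use of a SHA-256 fingerprint of the CERT-payload key as the bare-key identity are assumptions:

```python
"""PAD lookup keyed by an address ID payload, with a BTNS fallback."""
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Union

# IKEv2 ID payload type codes (RFC 4306, section 3.5)
ID_IPV4_ADDR = 1
ID_IPV6_ADDR = 5


@dataclass
class PadEntry:
    # Constructed model of one PAD entry: an address prefix and the
    # authentication method explicit policy requires for that peer.
    prefix: Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
    auth_method: str


# Constructed sample PAD: only these peers have explicit policy.
SAMPLE_PAD = [
    PadEntry(ipaddress.ip_network("192.0.2.0/24"), "rsa-cert"),
    PadEntry(ipaddress.ip_network("192.0.2.10/32"), "psk"),
    PadEntry(ipaddress.ip_network("2001:db8::/32"), "rsa-cert"),
]


def lookup_pad(id_type, id_value, peer_pubkey, pad=SAMPLE_PAD):
    """Return policy category and authentication identity for a peer.

    id_type/id_value model the IDi or IDr payload (IPV4/IPV6_ID, as the
    reply suggests); peer_pubkey is the raw key from the CERT payload.
    """
    if id_type not in (ID_IPV4_ADDR, ID_IPV6_ADDR):
        raise ValueError("only address ID types are modelled here")
    addr = ipaddress.ip_address(id_value)
    if (addr.version == 4) != (id_type == ID_IPV4_ADDR):
        raise ValueError("ID type does not match the address family")
    # Longest-prefix match: the most specific PAD entry wins.
    best = None
    for entry in pad:
        if addr.version == entry.prefix.version and addr in entry.prefix:
            if best is None or entry.prefix.prefixlen > best.prefix.prefixlen:
                best = entry
    if best is not None:
        return {"category": "explicit", "auth": best.auth_method, "identity": id_value}
    # No explicit policy for this peer: BTNS category. The peer's identity
    # is then nothing more than the public key it presented (assumed to be
    # recorded as a SHA-256 fingerprint here).
    fingerprint = hashlib.sha256(peer_pubkey).hexdigest()
    return {"category": "BTNS", "auth": "bare-public-key", "identity": fingerprint}
```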