ISAKMP v08 comments

wdm@epoch.ncsc.mil (W. Douglas Maughan) Mon, 08 September 1997 14:19 UTC

Date: Mon, 08 Sep 1997 10:31:39 -0400
From: wdm@epoch.ncsc.mil
Message-Id: <9709081431.AA00577@dolphin.ncsc.mil>
To: ipsec@tis.com
Subject: ISAKMP v08 comments

All,

As a reminder, I would like all comments on ISAKMP-08 by the end of the
week. I would like to have a new draft out by the 20th so it can go
forward to the IESG. I will include the items I presented at Munich
which were all interoperability issues. They are listed here:

   *    Text to clarify that Data Attributes fields contained in
   Transform payloads are not aligned on 4-octet boundaries. If they
   don't align then subsequent payloads will not be aligned and any
   padding will be added at the end of the message as described in
   ISAKMP-08 section 3.

   *    Text to clarify the use of IVs with respect to Informational
   Exchanges, i.e. independence from IVs of other on-going
   communication.

   *    Removal of # Cert Types and # Cert Auths fields from the
   Certificate Request payload. This will eliminate parsing problems
   for multiple certificates and authorities or non-existent
   authorities (e.g. PGP) and multiple Certificate Request payloads can
   be chained together to accomplish the same thing more efficiently.

   *    Adding an additional bit in the ISAKMP Header Flags field for
   Authentication Only Information Exchange. This bit is intended for
   use with the Informational Exchange with a Notify payload and will
   allow passing information with integrity checking, but no encryption
   (e.g. "emergency mode"). NOTE: The current I-D calls for all
   Informational Exchanges to be sent under protection of an ISAKMP SA.
   This is a slight modification to that policy.

Thanks,

Doug Maughan
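
Added example, not part of the original message or of the ISAKMP draft: a bounds-checked walk of an ISAKMP payload chain that collects chained Certificate Request payloads carrying one Cert Type and one authority each, with no count fields, and tolerates payloads that start off a 4-octet boundary. The header layout, payload type 7, the E flag value and the cert type numbers are assumptions taken from RFC 2408 as later published; the sample message and the function names are constructed for illustration.

```python
import struct

# Layout and constants assumed from RFC 2408 as later published, not from this message.
HDR = struct.Struct("!8s8sBBBBII")  # cookies, next payload, version, exchange, flags, id, length
GENERIC = struct.Struct("!BBH")     # next payload, reserved, payload length
PT_NONE, PT_CERT_REQ, FLAG_ENCRYPTION = 0, 7, 0x01


def parse_message(data):
    """Walk the payload chain; return [(payload_type, body), ...] or raise ValueError."""
    if len(data) < HDR.size:
        raise ValueError("short ISAKMP header")
    _, _, next_pt, _, _, flags, _, total = HDR.unpack_from(data)
    if total != len(data):
        raise ValueError("header length does not match datagram")
    if flags & FLAG_ENCRYPTION:
        raise ValueError("body is encrypted; decrypt before parsing")
    payloads, off = [], HDR.size
    while next_pt != PT_NONE:
        if off + GENERIC.size > total:
            raise ValueError("payload header runs past message end")
        following, _, plen = GENERIC.unpack_from(data, off)
        if plen < GENERIC.size or off + plen > total:
            raise ValueError("bad payload length")
        payloads.append((next_pt, data[off + GENERIC.size:off + plen]))
        next_pt, off = following, off + plen  # next payload may start unaligned
    return payloads


def cert_requests(payloads):
    """One (cert_type, authority) pair per chained Certificate Request payload."""
    out = []
    for pt, body in payloads:
        if pt == PT_CERT_REQ:
            if not body:
                raise ValueError("Certificate Request without Cert Type octet")
            out.append((body[0], body[1:]))  # authority may be empty (e.g. PGP)
    return out


def build_sample():
    """Constructed message: two chained Certificate Request payloads."""
    reqs = [(4, b"CN=Example CA"), (2, b"")]  # constructed: X.509 signature, PGP
    body = b""
    for i, (ctype, ca) in enumerate(reqs):
        nxt = PT_CERT_REQ if i + 1 < len(reqs) else PT_NONE
        body += GENERIC.pack(nxt, 0, GENERIC.size + 1 + len(ca)) + bytes([ctype]) + ca
    return HDR.pack(b"I" * 8, b"R" * 8, PT_CERT_REQ, 0x10, 2, 0, 0, HDR.size + len(body)) + body
```

In the constructed sample the first payload is 18 octets long, so the second Certificate Request begins at offset 46, which is not a multiple of 4; the parser relies only on the length fields, never on alignment.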