IETF Logo Mail Archive

Re: problems with draft-jenkins-ipsec-rekeying-06.txt

Dan Harkins <dharkins@cips.nokia.com> Fri, 14 July 2000 13:57 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA21244; Fri, 14 Jul 2000 06:57:23 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id IAA04562 Fri, 14 Jul 2000 08:48:33 -0400 (EDT)
Message-Id: <200007140104.SAA25773@potassium.network-alchemy.com>
To: hugh@mimosa.com
cc: Tim Jenkins <TJenkins@Catena.com>, IPsec List <ipsec@lists.tislabs.com>, Hugh Daniel <hugh@toad.com>, John Gilmore <gnu@toad.com>, Henry Spencer <henry@spsystems.net>
Subject: Re: problems with draft-jenkins-ipsec-rekeying-06.txt
In-reply-to: Your message of "Thu, 13 Jul 2000 12:38:56 EDT." <Pine.LNX.4.21.0007131230020.8405-100000@redshift.mimosa.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <25770.963536669.1@network-alchemy.com>
Date: Thu, 13 Jul 2000 18:04:29 -0700
From: Dan Harkins <dharkins@cips.nokia.com>
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

On Thu, 13 Jul 2000 12:38:56 EDT you wrote
> 
> But another part, 5.7 "ISAKMP Informational Exchanges" says:
> 
>    As noted the message ID in the ISAKMP header-- and used in the prf
>    computation-- is unique to this exchange and MUST NOT be the same as
>    the message ID of another phase 2 exchange which generated this
>    informational exchange.
> 
> This does not qualify "unique" in any way.  It does clearly use the
> admonition "MUST NOT".

It also says "...which generated this informational exchange" which is
really poor wording. 1000 pardons. But the message ID of the phase 2
exchange is not the same as the message ID of the Informational Exchange.

You MUST NOT use a message ID of a currently active phase 2 exchange 
(e.g. Quick Mode) and send an Informational Exchange on it. But it doesn't
say you have to keep track of every single message ID used by a single
IKE SA.

  Dan.

v2.23.0 | Report a Bug | By Email