Re: revised hash

Tero Kivinen <kivinen@ssh.fi> Mon, 16 July 2001 11:55 UTC

Message-ID: <15186.9189.491784.660674@ryijy.hel.fi.ssh.com>
Date: Mon, 16 Jul 2001 02:14:45 +0300
From: Tero Kivinen <kivinen@ssh.fi>
To: ipsec@lists.tislabs.com
CC: sakane@kame.net
Subject: Re: revised hash
Organization: SSH Communications Security Oy
References: <20010711181116U.sakane@kame.net>

sakane@kame.net (Shoichi Sakane) writes:
> i'm not sure the question was discussed in the past.
> please, can anyone clarify this for me.  i have a question about
> draft-ietf-ipsec-ike-hash-revised-02.txt although
> i know the draft has expired.
> 
> the section 3 of this draft says:
> 
> 	The packet_1 is the first packet initiator sends to the network
> 	(starting from the beginning of the generic header and continuing
> 	to the length specified in the ISAKMP header).
> 
> i'm confused about this description.  "the beginning of the generic
> header" means the next octet to the ISAKMP header because the generic
> header isn't ISAKMP header.  but "the length in the ISAKMP header"
> is total length of the packet.  it is length mismatch.
> the description would be "starting from the beginning of the ISAKMP
> header...", right ?

It is supposed to say everything starting from the beginning of
the ISAKMP packet (i.e. at the start of the ISAKMP generic packet
header, starting with the cookies) and going up to the length
specified in the ISAKMP generic packet header.

We are talking about the ISAKMP packets here, not the payloads, thus
the ISAKMP payload header does not matter here. 


> RFC2408 defines and uses just two expressions.  "Generic Payload Header"
> is the header of each ISAKMP payload.  "ISAKMP Header" is the ISAKMP packet
> header.  the draft used almost four expressions about "header".  
> 	generic ISAKMP header
> 	ISAKMP generic headers
> 	ISAKMP payload headers
> 	ISAKMP header
> IMHO, those expressions should not be used.  only two expressions
> should be used.

True. I will try to fix this before resubmitting the draft.
-- 
kivinen@ssh.fi                               Work : +358 303 9870
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
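
Added example (not part of the original message or of the draft): a Python sketch of the byte range the reply describes for packet_1, from the first cookie octet through the Length value in the ISAKMP header, using the 28-octet header layout of RFC 2408. The function names and the sample packet are constructed for illustration.

```python
import struct

# RFC 2408 ISAKMP header: initiator cookie, responder cookie, next payload,
# version, exchange type, flags, message ID, length (28 octets in total).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")


class IsakmpLengthError(ValueError):
    """The Length field does not describe a usable packet."""


def packet_span(datagram: bytes) -> bytes:
    """Return the octets from the start of the ISAKMP header (the cookies)
    up to the Length given in that header. Octets after Length are excluded."""
    if len(datagram) < ISAKMP_HDR.size:
        raise IsakmpLengthError("datagram shorter than the ISAKMP header")
    length = ISAKMP_HDR.unpack_from(datagram)[7]
    if length < ISAKMP_HDR.size:
        raise IsakmpLengthError("Length field smaller than the header itself")
    if length > len(datagram):
        raise IsakmpLengthError("Length field runs past the received datagram")
    return datagram[:length]


def build_sample(body: bytes, trailing: bytes = b"") -> bytes:
    """Constructed test packet: opaque body, not a real SA payload."""
    header = ISAKMP_HDR.pack(
        bytes(range(1, 9)),   # initiator cookie (constructed)
        bytes(8),             # responder cookie, zero in the first packet
        1,                    # next payload: SA
        0x10,                 # version 1.0
        2,                    # exchange type: Identity Protection
        0,                    # flags
        0,                    # message ID
        ISAKMP_HDR.size + len(body),
    )
    return header + body + trailing


if __name__ == "__main__":
    wire = build_sample(b"\xaa" * 20, trailing=b"\x00\x00\x00\x00")
    span = packet_span(wire)
    # Length counts from the first cookie octet, so the span is 28 + 20 octets.
    print(len(wire), len(span), span[:8].hex())
    # Counting Length from the first payload instead leaves too few octets.
    print(len(wire[ISAKMP_HDR.size:]) < len(span))
```
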