Re: IPsec and Oakley test items

Daniel Harkins <> Fri, 05 September 1997 16:08 UTC

Received: (from majordom@localhost) by (8.8.2/8.8.2) id MAA29754 for ipsec-outgoing; Fri, 5 Sep 1997 12:08:51 -0400 (EDT)
Message-Id: <199709051618.JAA22079@dharkins-ss20>
X-Authentication-Warning: Host didn't use HELO protocol
To: Greg Carter <>
Cc: "''" <>, "''" <>, "''" <>
Subject: Re: IPsec and Oakley test items
In-Reply-To: Your message of "Fri, 05 Sep 1997 08:35:40 EDT." <>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 05 Sep 1997 09:18:08 -0700
From: Daniel Harkins <>
Precedence: bulk


  Yes, the M-ID is only for the informational exchange. If the notify is
a result of a failed Quick Mode the M-ID of the informational exchange
will not be that of the failed Quick Mode; they are different. And once
the message has been sent the unique M-ID (only for the Info exchange) is
thrown away.


Greg Carter responding to me:
> >  Informational exchanges are protected by SKEYID_e and SKEYID_a. Section
> >5.6 doesn't mention how an IV is generated to use with encryption nor does
> >it mention where 'M-ID' in the HASH definition came from. The intent is that
> >this is similar to a Quick Mode initiation. A unique message id for this
> >single message is chosen and it is used to generate an IV ala Quick Mode.
> >Once this message is sent all the state associated with it-- the IV, the
> >message id, plus whatever else your implementation chooses to generate--
> >is deleted. This is how it should be done.
> Hi Dan,
> I a little confused now.  For Info exchange (an example - a notify of a
> failed QUICK_MODE) associated with a quick mode what M-ID do we use?
> The M-ID associated with the quick mode (what we had previously done) or
> generate a new unique ID.  Is the generation of a unique ID only for
> 'independent' Informational exchanges (assuming an ISAKMP SA has been
> setup),  I hope so...