RE: IPsec and Oakley test items
Greg Carter <greg.carter@entrust.com> Fri, 05 September 1997 12:30 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id IAA28303 for ipsec-outgoing; Fri, 5 Sep 1997 08:30:16 -0400 (EDT)
Message-ID: <c=CA%a=_%p=NorTel_Secure_Ne%l=APOLLO-970905123540Z-36246@mail.entrust.com>
From: Greg Carter <greg.carter@entrust.com>
To: "'anx-sec@dot.netrex.net'" <anx-sec@dot.netrex.net>
Cc: "'isakmp-oakley@cisco.com'" <isakmp-oakley@cisco.com>, "'ipsec@tis.com'" <ipsec@tis.com>
Subject: RE: IPsec and Oakley test items
Date: Fri, 05 Sep 1997 08:35:40 -0400
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
> Informational exchanges are protected by SKEYID_e and SKEYID_a. Section
> 5.6 doesn't mention how an IV is generated to use with encryption nor does
> it mention where 'M-ID' in the HASH definition came from. The intent is that
> this is similar to a Quick Mode initiation. A unique message id for this
> single message is chosen and it is used to generate an IV ala Quick Mode.
> Once this message is sent all the state associated with it-- the IV, the
> message id, plus whatever else your implementation chooses to generate--
> is deleted. This is how it should be done.

Hi Dan,

I'm a little confused now. For Info exchange (an example - a notify of a failed QUICK_MODE) associated with a quick mode, what M-ID do we use? The M-ID associated with the quick mode (what we had previously done), or generate a new unique ID? Is the generation of a unique ID only for 'independent' Informational exchanges (assuming an ISAKMP SA has been set up)? I hope so...

Thanks
Bye.
----
Greg Carter, Entrust Technologies
greg.carter@entrust.com
Get FREE 128-bit FIPS-140-1 Validated Crypto for the desktop
http://www.entrust.com/solo.htm
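The per-message handling described in the quoted paragraph, as an added example that is not part of the original message or of any implementation discussed in the thread. The class and function names are hypothetical, SHA-1/HMAC-SHA1 and an 8-byte cipher block are assumed, and the IV and HASH formulas follow the form later published in RFC 2409; encryption under SKEYID_e is left to the caller.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 8  # assumed: 64-bit block cipher (e.g. DES-CBC) negotiated in phase 1


class IsakmpSA:
    """Hypothetical holder for the phase 1 state an Informational exchange needs."""

    def __init__(self, skeyid_a: bytes, last_phase1_block: bytes):
        self.skeyid_a = skeyid_a                    # authentication key from phase 1
        self.last_phase1_block = last_phase1_block  # last CBC output block of phase 1
        self.live_mids = set()                      # M-IDs of exchanges still in progress

    def new_message_id(self) -> bytes:
        # Fresh, non-zero 4-byte M-ID that does not collide with a live exchange.
        while True:
            mid = secrets.token_bytes(4)
            if mid != b"\x00" * 4 and mid not in self.live_mids:
                return mid

    def derive_iv(self, mid: bytes) -> bytes:
        # IV "ala Quick Mode": hash(last phase 1 CBC block | M-ID), cut to block size.
        return hashlib.sha1(self.last_phase1_block + mid).digest()[:BLOCK_SIZE]

    def protect_informational(self, nd_payload: bytes):
        """Return (M-ID, IV, HASH) for one Notify/Delete payload; keep nothing."""
        mid = self.new_message_id()
        iv = self.derive_iv(mid)
        # HASH = prf(SKEYID_a, M-ID | N/D), with HMAC-SHA1 standing in as the prf.
        digest = hmac.new(self.skeyid_a, mid + nd_payload, hashlib.sha1).digest()
        # The caller encrypts HASH | N/D under SKEYID_e with this IV, sends it,
        # and drops mid and iv; neither is stored on the SA or in live_mids.
        return mid, iv, digest


def verify_informational(sa: IsakmpSA, mid: bytes, nd_payload: bytes, digest: bytes) -> bool:
    # Receiver side: recompute HASH from the M-ID carried in the ISAKMP header.
    expected = hmac.new(sa.skeyid_a, mid + nd_payload, hashlib.sha1).digest()
    return hmac.compare_digest(expected, digest)


# Constructed sample values, not taken from any real negotiation.
SAMPLE_SA = IsakmpSA(skeyid_a=bytes(range(20)), last_phase1_block=bytes(range(8)))
SAMPLE_NOTIFY = b"constructed notify payload"
```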