RE: IPsec and Oakley test items

Greg Carter <> Fri, 05 September 1997 12:30 UTC


>  Informational exchanges are protected by SKEYID_e and SKEYID_a. Section
>5.6 doesn't mention how an IV is generated to use with encryption nor does
>it mention where 'M-ID' in the HASH definition came from. The intent is that
>this is similar to a Quick Mode initiation. A unique message id for this
>single message is chosen and it is used to generate an IV ala Quick Mode.
>Once this message is sent all the state associated with it-- the IV, the
>message id, plus whatever else your implementation chooses to generate--
>is deleted. This is how it should be done.

Hi Dan,

I am a little confused now.  For Info exchange (an example - a notify of a
failed QUICK_MODE) associated with a quick mode what M-ID do we use?
The M-ID associated with the quick mode (what we had previously done) or
generate a new unique ID?  Is the generation of a unique ID only for
'independent' Informational exchanges (assuming an ISAKMP SA has been
set up)?  I hope so...

Greg Carter, Entrust Technologies
Get FREE 128-bit FIPS-140-1 Validated Crypto for the desktop
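
An added sketch, not part of the original message or of any implementation discussed on the list, of the per-message state the quoted text describes: a unique M-ID, an IV derived from it as in Quick Mode, and the HASH over M-ID and the payload. It assumes the derivations as later published in RFC 2409 (section 5.7 and Appendix B), HMAC-SHA1 as the prf, SHA-1 as the hash and an 8-byte cipher block. All function names and sample values are constructed, and refusing an M-ID that a live Quick Mode already uses is this sketch's own policy choice.

```python
import hashlib
import hmac
import os

BLOCK_SIZE = 8  # CBC block size in bytes (assumed: DES/3DES)
# Constructed sample values, not taken from any real SA.
SKEYID_A = bytes.fromhex("00112233445566778899aabbccddeeff00112233")
LAST_P1_BLOCK = bytes.fromhex("0123456789abcdef")  # last phase 1 CBC output block
QM_M_ID = bytes.fromhex("a1b2c3d4")                # M-ID of a live Quick Mode
NOTIFY = b"constructed notify payload"

def prf(key: bytes, data: bytes) -> bytes:
    """Negotiated prf; HMAC-SHA1 is assumed here."""
    return hmac.new(key, data, hashlib.sha1).digest()

def derive_iv(last_phase1_block: bytes, m_id: bytes) -> bytes:
    """IV as in Quick Mode: hash(last phase 1 CBC block | M-ID), truncated."""
    return hashlib.sha1(last_phase1_block + m_id).digest()[:BLOCK_SIZE]

def fresh_m_id(in_use: set) -> bytes:
    """Pick a nonzero 4-byte message ID that no live phase 2 exchange uses."""
    while True:
        m_id = os.urandom(4)
        if m_id != b"\x00" * 4 and m_id not in in_use:
            return m_id

def build_informational(skeyid_a, last_phase1_block, in_use, payload):
    """Sender: one M-ID, one IV, one HASH; the caller keeps none of it."""
    m_id = fresh_m_id(in_use)
    iv = derive_iv(last_phase1_block, m_id)   # used with SKEYID_e to encrypt
    hash1 = prf(skeyid_a, m_id + payload)     # HASH = prf(SKEYID_a, M-ID | N/D)
    return m_id, iv, hash1

def check_informational(skeyid_a, in_use, m_id, payload, hash1) -> bool:
    """Receiver, after decrypting with derive_iv(...) of the header's M-ID."""
    if m_id in in_use:
        # Same M-ID would mean the same derived IV as that Quick Mode's start.
        return False
    return hmac.compare_digest(prf(skeyid_a, m_id + payload), hash1)

if __name__ == "__main__":
    m_id, iv, h = build_informational(SKEYID_A, LAST_P1_BLOCK, {QM_M_ID}, NOTIFY)
    print("M-ID", m_id.hex(), "IV", iv.hex())
    print("accepted:", check_informational(SKEYID_A, {QM_M_ID}, m_id, NOTIFY, h))
```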