Comments on ISAKMP/Oakley

Naganand Doraswamy <naganand@ftp.com> Thu, 08 August 1996 14:47 UTC

Message-Id: <2.2.32.19960808145715.00b4d320@mailserv-H.ftp.com>
Date: Thu, 08 Aug 1996 10:57:15 -0400
To: ipsec@TIS.COM
From: Naganand Doraswamy <naganand@ftp.com>
Subject: Comments on ISAKMP/Oakley

These are mostly implementation-type comments:

2.4.1. Security Association Payload
   Is the "Payload Length" field *really* supposed to be specified in
   four-octet units, or should it be in octets as all the other payloads
   are?


A.6.1. Attribute Value Assigned Numbers, IPSEC ESP
   TLV constructs: how long is "Type"?  How long is "Length"?  Is "Length"
   in terms of octets, or some other unit?  Are the lengths of "Type" and
   "Length" included in "Length" or not?

   Where is "Multiple Precision Integer" specified?

A.7.1 The basic proposal format has the following fields defined in the
header:
       - Proposal #, Proposal Len, Protocol # and Attribute TLVs
   However, the ESP, AH, and ISAKMP proposals have defined the Transform IDs
   and a reserved field. Shouldn't the basic proposal format take care of
   this as well?

A.7.4. Proposal Formats, ISAKMP: ???


A.8.1. Security Association Payload Format
   Does the Situation field length need to be an integral multiple of
   four octets, as the Proposal field needs to be?  Is the Situation Length
   field (Figure 20) specified as octets, four-octet units, or ... ?


draft-ietf-ipsec-isakmp-oakley-00.txt

Where are ISAKMP exchange numbers defined for the various Oakley modes?
What happens to the Base, Identity Protection, and Authentication Only
exchanges defined in the ISAKMP draft?  How does one implement the other
exchanges (which are defined as MUSTs in the ISAKMP draft) if Oakley is
the only supported key exchange, and is there any need to implement the basic
ISAKMP modes if one is supporting only key exchange for IPSEC?

5.1 Oakley Main Mode

   Oakley Main Mode looks a lot like the Identity Protection exchange from
   the ISAKMP draft, except that the Envelope is missing in all transactions,
   a Nonce is added to the third and fourth messages, and the placement of
   the optional Certificate relative to the Signature in the fifth and sixth
   messages is reversed.  Can these two exchanges be merged somehow?

Thanks,

-- Shawn Mamros and Naganand Doraswamy