Comments on ISAKMP/Oakley
Naganand Doraswamy <naganand@ftp.com> Thu, 08 August 1996 14:47 UTC
Message-Id: <2.2.32.19960808145715.00b4d320@mailserv-H.ftp.com>
Date: Thu, 08 Aug 1996 10:57:15 -0400
To: ipsec@TIS.COM
From: Naganand Doraswamy <naganand@ftp.com>
Subject: Comments on ISAKMP/Oakley

These are mostly implementation type comments:

2.4.1. Security Association Payload

Is the "Payload Length" field *really* supposed to be specified in
four-octet units, or should it be in octets as all the other payloads are?

A.6.1. Attribute Value Assigned Numbers, IPSEC ESP

TLV constructs: how long is "Type"? How long is "Length"? Is "Length" in
terms of octets, or some other unit? Are the lengths of "Type" and "Length"
included in "Length" or not?

Where is "Multiple Precision Integer" specified?

A.7.1

The basic proposal format has the following fields defined in the header:

- Proposal #, Proposal Len, Protocol # and Attribute TLV's

However, the ESP, AH, and ISAKMP proposals have defined the Transforms ID's
and a reserved field. Shouldn't the basic proposal format take care of this
as well?

A.7.4. Proposal Formats, ISAKMP:

???

A.8.1. Security Association Payload Format

Does the Situation field length need to be an integral multiple of four
octets, as the Proposal field needs to be?

Is the Situation Length field (Figure 20) specified as octets, four-octet
units, or ... ?

draft-ietf-ipsec-isakmp-oakley-00.txt

Where are ISAKMP exchange numbers defined for the various Oakley modes?

What happens to the Base, Identity Protection, and Authentication Only
exchanges defined in the ISAKMP draft? How does one implement the other
exchanges (which are defined as MUSTs in the ISAKMP draft) if Oakley is the
only supported key exchange and is there any need to implement the basic
ISAKMP modes if one is supporting only key exchange for IPSEC?

5.1 Oakley Main Mode

Oakley Main Mode looks a lot like the Identity Protection exchange from the
ISAKMP draft, except that the Envelope is missing in all transactions, a
Nonce is added to the third and fourth messages, and the placement of the
optional Certificate relative to the Signature in the fifth and sixth
messages is reversed. Can these two exchanges be merged somehow?

Thanks,
-- Shawn Mamros and Naganand Doraswamy