S/WAN ISAKMP/Oakley testing...

Roy Pereira <rpereira@timestep.com> Thu, 07 November 1996 22:18 UTC

Received: from cnri by ietf.org id aa02218; 7 Nov 96 17:18 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa23833; 7 Nov 96 17:18 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id RAA10670 for ipsec-outgoing; Thu, 7 Nov 1996 17:11:45 -0500 (EST)
Message-ID: <c=US%a=_%p=TimeStep_Corpora%l=TSNTSRV2-961107221439Z-2162@tsntsrv2.timestep.com>
X-MS-TNEF-Correlator: <c=US%a=_%p=TimeStep_Corpora%l=TSNTSRV2-961107221439Z-2162@tsntsrv2.timestep.com>
From: Roy Pereira <rpereira@timestep.com>
To: 'isakmp-oakley' <isakmp-oakley@cisco.com>, 'IPSEC' <ipsec@tis.com>
Subject: S/WAN ISAKMP/Oakley testing...
Date: Thu, 07 Nov 1996 17:14:39 -0500
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="---- =_NextPart_000_01BBCCCF.2A4FCCB0"
Sender: owner-ipsec@ex.tis.com
Precedence: list

I'd like to talk about some of the 'magic' identifiers in ISAKMP.  I'm 
talking about the values that aren't defined in v5 of the draft.


- What transform ids are used for the ISAKMP proposal?
- What ids are used for the ISAKMP proposal attributes "Group 
Identifier", Encryption Alg", "Hash Alg", and "Auth Alg" ?
- What is the format of a SA proposal TLV ? Is the type and length 16 
bits each ? Or are they 8 bits each ?
- What is the ESP Proposal attribute "Cryptographic Synch" used for 
and when?
- How do we transform a 8-byte ISAKMP SPI to a 4-byte ESP/AH SPI ?
- The v5 ISAKMP draft states that the "Payload Length" in the SA 
payload is "in 4-octet units", but this is incorrect and should by in 
1-octet units.
- For the Certificate Payload, there aren't any identifiers for the 
Certificate Type and there is only one identifier for the Certificate 
Authority.
- What ISAKMP exchange identifiers are used for the Oakley exchange 
modes?
- What is the Notify message error "CONNECTED" used for?
- What is the Notification Data?  It's contents are not defined in the 
Internet DOI.


Thanks.