[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Connected Notify

To: IPSec <ipsec@lists.tislabs.com>
Subject: Connected Notify
From: Mike Williams <mikewill@attglobal.net>
Date: Tue, 25 Jan 2000 12:15:31 -0500
Sender: owner-ipsec@lists.tislabs.com

According to IKE <draft-ietf-ipsec-ike-01.txt>, the commit bit in the
ISAKMP header can be set to extend a Quick Mode by a single message from

the Responder to the Initiator to delay use of the SAs created by the
Quick Mode.  The message will consist of an authenticated hash, using
SKEYID_a as the key, of the message ID from the Quick Mode concatenated
with a notify payload whose type is set to CONNECTED (16384).

Does the CONNECTED notification contain SPI for the newly negotiated SA?

If an SA bundle (AH + ESP) is negotiated, is it appropriate to send 2
notify payloads in the 4th message - one with the AH SPI and the other
with the ESP SPI?

If more than a single notify payload is sent, is HASH(4) constructed
using the first or all notify payloads?

Any information would be greatly appreciated.

Thanks,
Mike Williams

Prev by Date: Re: Bruce Schneier on IPsec
Next by Date: Re: Bruce Schneier on IPsec
Prev by thread: Connected Notification
Next by thread: Request for Clarification of Usage of Certificate Request Payload to Maximimze Interoperability
Index(es):
- Main
- Thread