[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ike2 v4 couple of comments
Couple of comments and a question on V4:
- Section 3.2
"All but the headers of all messages that follow are encrypted and
integrity protection protected."
This is true, but a bit misleading. Could it be rephrased:
"For messages that follow all of the message except the header are
encrypted. All of the message
including the header are intergrity protected."
- Section 4.6:
"If it matches, the responder knows that SPIr was generated since the
last change to <secret>..."
Where is SPIr coming from here, given that from the previous page, the
responder does not
choose an SPI?
- Section 4.14
The specification of SK_d,etc computation still refers to CKY-I and
CKY-R. Should this be replaced
with SPIi and SPIr?
Question on CREATE_CHILD_SA initiator/ responder determination.
(probably due to misreading something)
Section 4.2 states:
"There is no ambiguity in the messages, however, because each packet
contains enough information to
determine which of the four messages a particular one is."
When a CREATE_CHILD_SA message is received, I dont see anything in the
header that would allow
the recipient to determine if the message is a request or response. I
also dont see anyting in the payload
types that would allow a determination. So how is this done?