Re: KE payload
The problem is that with the advent of suites, there is no registry
of DH group numbers. There are a number of them published in
[ADDGROUP], but IKE is not limited to using only those. A newly
defined suite could use its own private DH group, and it would have
no identifier other than the suite-id.
--Charlie
Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).
Lakshminath Dondeti <ldondeti@xxxxxxxxxxxxxxxxxx> wrote:
> I may have missed the discussion on it, but why can't the Suite-ID in
> the KE payload be "DH group #"?
>
> regards,
> Lakshminath
>
>                      1                   2                   3
>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> ! Next Payload  !C!  RESERVED   !         Payload Length        !
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> !           Suite-ID            !         RESERVED (MBZ)        !
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> !                                                               !
> ~                       Key Exchange Data                       ~
> !                                                               !
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
> Figure 8: Key Exchange Payload Format
>
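
A receiver-side parse of the Figure 8 layout, as an added example that is not part of the original thread or of the draft. It shows the consequence raised in the reply: with no DH group number on the wire, the Key Exchange Data can only be sized and interpreted through the receiver's own Suite-ID table. Assumptions: field widths are read off the figure's bit ruler, Payload Length counts the whole payload including its 4-byte header, the MBZ field is rejected when nonzero, and the suite table (IDs and sizes) is constructed.

```python
import struct

# Hypothetical local suite table: Suite-ID -> length in bytes of the DH
# public value for that suite's group. IDs and sizes are constructed;
# 0x8001 stands in for a suite that uses a private DH group.
SUITE_DH_LEN = {1: 96, 2: 128, 0x8001: 192}

class KEError(ValueError):
    """Raised when a KE payload fails validation."""

def parse_ke(buf, suites=SUITE_DH_LEN):
    """Parse one KE payload laid out as in Figure 8 and validate it."""
    if len(buf) < 8:
        raise KEError("shorter than the 8-byte fixed part")
    next_payload, flags, length, suite_id, mbz = struct.unpack_from("!BBHHH", buf)
    # Assumption: Payload Length covers the header as well as the data.
    if length < 8 or length > len(buf):
        raise KEError("Payload Length outside the received buffer")
    if mbz:
        raise KEError("RESERVED (MBZ) field is not zero")
    # No group number is carried, so an unknown suite cannot be decoded.
    if suite_id not in suites:
        raise KEError("unknown Suite-ID, DH group cannot be determined")
    ke_data = buf[8:length]
    if len(ke_data) != suites[suite_id]:
        raise KEError("Key Exchange Data length does not match the suite's group")
    return {"next_payload": next_payload, "critical": bool(flags & 0x80),
            "suite_id": suite_id, "ke_data": ke_data}

def build_ke(suite_id, ke_data, next_payload=0, critical=False):
    """Build a payload; used here only to construct sample input."""
    return struct.pack("!BBHHH", next_payload, 0x80 if critical else 0,
                       8 + len(ke_data), suite_id, 0) + ke_data

if __name__ == "__main__":
    # Constructed samples: one valid, one unknown suite, one wrong size.
    print(parse_ke(build_ke(2, b"\x01" * 128))["suite_id"])
    for bad in (build_ke(7, b"\x01" * 128), build_ke(2, b"\x01" * 64)):
        try:
            parse_ke(bad)
        except KEError as exc:
            print("rejected:", exc)
```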