[Ike] about Flag foeld of ISAKMP header
Masafumi Tsuruta
tsuruta at insi.co.jp
Tue Nov 13 22:22:49 CST 2001
Hi all.
I 'm Japanese and not good at English. Sorry so much.
I have some questions about Flags field of ISAKMP header. In ISAKMP header,
we have 3 bit-fields, "Encryption Bit" "Commit Bit" "Authentication Only
Bit".
In the case of Commit Bit, a merit we receive is at least one point I think.
1) It is used to ensure that encrypted material is not received prior to
completion of the SA establishment.
That is, in short, the merit is notifying the finishing of receipt all
payload before making complete SA establishment. But in the case of not to
use Commit Bit, I think the negotiation will be running smoothly because of
Commit Bit is optional flag. In RFC 2408 section 3.1 means Commit Bit
setting is either will do (i.e. that is optional).
However Commit Bit is in the Flag field, actually exist. I think it must be
clearly merits of the existance, which is not the above.
So please tell me another merits of Commit Bit existence.
And also in the Authentication Only Bit case, what are the merits we set the
Authentication Only Bit for non-encrypted payload send? In addition, I don't
know "Emergency Mode", too. What is this mode? Please give me any suggestion
or comments about these points (such as URLs, RFCs etc).
At last, If someone knows about security related problems (or solutions)
about these Commit Bit, Authentication Only Bit, and all over Flag field.
Please tell me.
Thank you very much.
Masafumi Tsuruta
tsuruta at insi.co.jp
More information about the IKE
mailing list