On Jan 22, 2010, at 11:57 PM, Yaron Sheffer wrote:
> The text in 3.3 requires "peace of mind" to fully appreciate. A diagram might
> be helpful.
>
> Here's a first shot (we'll need to add some descriptive text):
>
>                          SA Payload
>                               |
>            -------------------------..............-
>            |                       |              |
>       Proposal #1             Proposal #2    Proposal #n
>           ESP                     ESP
>          SPIx                    SPIy
>            |                       |
>      -------------           -------------
>      |           |           |           |
> Transform A Transform B Transform C Transform D
>    ENCR        AUTH        ENCR        ESN
>     AES    HMAC-SHA-256   AES-CCM      ESN=1
>      |
>    -------------------
>    |        |        |
> Attr Ax  Attr Ay  Attr Az
>   128      192      256
I'm sorry I just noticed this, but is this even allowed? Can you include
multiple key length attributes in the same transform? Section 3.3.6 says:

   If there are multiple proposals, the responder MUST choose a single
   proposal. If the selected proposal has multiple Transforms with the
   same type, the responder MUST choose a single one.

So far, it's OK. The responder chooses one proposal, and if that proposal
contains multiple transforms of the same type (say AUTH=HMAC-SHA-1 and
AUTH=HMAC-SHA-256) then the responder chooses just one of those.

   Any attributes of a selected transform MUST be returned unmodified.

To me, "unmodified" does not mean choose one of three. So IMO the above
Proposal #1 should be as follows (ignoring the missing ESN):

                  Proposal #1
                      ESP
                     SPIx
                       |
     -------------------------------------
     |           |           |           |
Transform A Transform B Transform C Transform D
   ENCR        ENCR        ENCR        AUTH
    AES         AES         AES    HMAC-SHA-256
     |           |           |
  Attr Ax     Attr Ay     Attr Az
    128         192         256

   The initiator of an exchange MUST check that the accepted offer is
   consistent with one of its proposals, and if not that response MUST
   be rejected.

BTW: how do you reject a response?

Yoav
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
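The two rules quoted in the thread (the responder picks one proposal and one transform per type and returns its attributes unmodified; the initiator rejects any response that is not consistent with something it offered), worked through in code. This is an added example written for this page; it is not code from the thread, from the IETF or from any IKEv2 implementation. The wire layout of the proposal, transform and attribute substructures follows RFC 4306 section 3.3 (unchanged in RFC 7296), the numeric constants are the IANA IKEv2 registry values, and everything else (the SPIs, the responder's preference list `POLICY`, the helpers `split_layout` and `merged_layout`, which build the two Proposal #1 variants drawn above) is made up for the demonstration. The responder implements the strict reading of "unmodified" given in the reply: a transform is accepted only as offered, so a responder that wants exactly one key length has nothing it can legitimately choose from the single three-attribute ENCR transform.

```python
"""IKEv2 SA payload (RFC 4306/7296 section 3.3): wire encode/decode of proposals, the
responder's selection rule of section 3.3.6 and the initiator's consistency check.
Added example for this thread, not IETF or any implementation's code; numeric constants
are IANA IKEv2 registry values, the SPIs and the responder policy are made up."""
import struct
from collections import namedtuple

PROTO_ESP = 3
T_ENCR, T_INTEG, T_ESN = 1, 3, 5               # transform types
ENCR_AES_CBC, AUTH_HMAC_SHA2_256_128 = 12, 12  # transform IDs (separate registries per type)
ATTR_KEY_LENGTH = 14                           # the only defined attribute: TV format, AF bit set

Transform = namedtuple("Transform", "ttype tid attrs", defaults=[()])  # attrs: ((type, value), ...)
Proposal = namedtuple("Proposal", "num proto spi transforms")


def encode_sa(proposals):
    """Serialise proposal / transform / attribute substructures in wire format."""
    out = b""
    for i, p in enumerate(proposals):
        body = b""
        for j, t in enumerate(p.transforms):
            attrs = b"".join(struct.pack("!HH", 0x8000 | a, v) for a, v in t.attrs)
            more = 3 if j < len(p.transforms) - 1 else 0   # 3 = another transform follows
            body += struct.pack("!BBHBBH", more, 0, 8 + len(attrs), t.ttype, 0, t.tid) + attrs
        more = 2 if i < len(proposals) - 1 else 0          # 2 = another proposal follows
        out += struct.pack("!BBHBBBB", more, 0, 8 + len(p.spi) + len(body), p.num,
                           p.proto, len(p.spi), len(p.transforms)) + p.spi + body
    return out


def decode_sa(data):
    """Parse the wire format back, rejecting lengths and more/last flags that do not add up."""
    proposals, off = [], 0
    while off < len(data):
        more, _, plen, num, proto, spisz, ntrans = struct.unpack_from("!BBHBBBB", data, off)
        end = off + plen
        if plen < 8 + spisz or end > len(data) or (more == 0) != (end == len(data)):
            raise ValueError("bad proposal length or last-proposal flag")
        spi, toff, transforms = data[off + 8:off + 8 + spisz], off + 8 + spisz, []
        for k in range(ntrans):
            tmore, _, tlen, ttype, _, tid = struct.unpack_from("!BBHBBH", data, toff)
            if tlen < 8 or (tlen - 8) % 4 or toff + tlen > end or (tmore == 0) != (k == ntrans - 1):
                raise ValueError("bad transform length or last-transform flag")
            attrs = []
            for aoff in range(toff + 8, toff + tlen, 4):      # each TV attribute is 4 bytes
                af_type, val = struct.unpack_from("!HH", data, aoff)
                if not af_type & 0x8000:
                    raise ValueError("TLV attributes are not used in IKEv2")
                attrs.append((af_type & 0x7FFF, val))
            transforms.append(Transform(ttype, tid, tuple(attrs)))
            toff += tlen
        if toff != end:
            raise ValueError("transforms do not fill the proposal")
        proposals.append(Proposal(num, proto, spi, transforms))
        off = end
    return proposals


def responder_choose(offered, policy, my_spi):
    """3.3.6: choose ONE proposal and, per transform type, ONE of its transforms, returned
    exactly as offered (attributes unmodified). `policy` lists the transforms this
    responder accepts, most preferred first (made up for the demo)."""
    for p in offered:
        chosen = {}
        for want in policy:
            if want.ttype not in chosen and want in p.transforms:
                chosen[want.ttype] = want
        if set(chosen) == {t.ttype for t in p.transforms}:
            return [Proposal(p.num, p.proto, my_spi, list(chosen.values()))]
    return None   # nothing acceptable: the caller would send NO_PROPOSAL_CHOSEN


def initiator_accepts(offered, response):
    """Accept a response only if it holds exactly one proposal matching one we sent, with one
    transform per type, each identical (attributes unmodified) to a transform we offered."""
    if len(response) != 1:
        return False
    r = response[0]
    for p in offered:
        if (p.num, p.proto) == (r.num, r.proto):
            types = [t.ttype for t in r.transforms]
            return (len(types) == len(set(types)) and set(types) == {t.ttype for t in p.transforms}
                    and all(t in p.transforms for t in r.transforms))
    return False


def kl(bits):
    return ((ATTR_KEY_LENGTH, bits),)


def split_layout(spi=b"\x11\x22\x33\x44"):          # made-up SPI
    """One ENCR transform per key length, as the reply's diagram has it."""
    return [Proposal(1, PROTO_ESP, spi, [
        Transform(T_ENCR, ENCR_AES_CBC, kl(128)), Transform(T_ENCR, ENCR_AES_CBC, kl(192)),
        Transform(T_ENCR, ENCR_AES_CBC, kl(256)), Transform(T_INTEG, AUTH_HMAC_SHA2_256_128),
        Transform(T_ESN, 0), Transform(T_ESN, 1)])]


def merged_layout(spi=b"\x11\x22\x33\x44"):
    """One ENCR transform carrying three key-length attributes, as the first diagram has it."""
    return [Proposal(1, PROTO_ESP, spi, [
        Transform(T_ENCR, ENCR_AES_CBC, kl(128) + kl(192) + kl(256)),
        Transform(T_INTEG, AUTH_HMAC_SHA2_256_128), Transform(T_ESN, 0), Transform(T_ESN, 1)])]


# Responder preference list (made up): AES-256 over AES-128, SHA-256, ESN on.
POLICY = [Transform(T_ENCR, ENCR_AES_CBC, kl(256)), Transform(T_ENCR, ENCR_AES_CBC, kl(128)),
          Transform(T_INTEG, AUTH_HMAC_SHA2_256_128), Transform(T_ESN, 1)]
```

Running `responder_choose(split_layout(), POLICY, spi)` returns the AES-256 ENCR transform, the SHA-256 INTEG transform and ESN=1, and `initiator_accepts` passes. Against `merged_layout()` the same responder returns `None`, because no transform it would choose exists unmodified in the offer; and a response that "chose one of three" by returning the ENCR transform with only the 192-bit attribute fails `initiator_accepts` against the merged offer, while the identical response is accepted against the split offer. The answer to "how do you reject a response" is outside what the code can show; here the initiator simply refuses to proceed.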