On Thu, 2010-07-01 at 14:35 -0400, Dan McDonald wrote:
> On Thu, Jul 01, 2010 at 01:02:20PM -0500, Joy Latten wrote:
> <SNIP!>
> > I am thinking it can be concluded that responder computed MACedIDForR with
> > 1's in the RESERVED field.
> 
> That seems valid (though clearly the implementation who sends 1s is violating
> Postel's Law, but you did say it's a TAHI test...).
> 
> > Initiator needs to compute MACedIDForR to verify the MACedIDForR 
> > he received from responder. Should he use the IDr payload responder sent
> > with 1's in RESERVED field?
> 
> Yes, that's how I interpreted it.  You can't rewrite bits that are fed into
> an off-the-wire authentication calculation.
> 
> > Or does "ignoring content" of RESERVED field mean initiator
> > can safely assume/build the IDr payload using 0's for RESERVED field
> > when he computes MACedIDForR? Of course in this case the authentication
> > will fail... would that be expected behaviour?
> 
> Postel's Law ("Be conservative in what you send, be liberal in what you
> receive.") would suggest you compute the authentication with the EXACT
> contents of what was on the wire.
> 
Ahh, ok. Good explanation! :-) Thanks!
Guess I need to fix some code. :-)

regards,
Joy



_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
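
Added example, not part of the thread and not code from any implementation discussed in it: MACedIDForR = prf(SK_pr, ID Type | RESERVED | Identification Data) computed once over the bytes exactly as received and once with RESERVED rewritten to zero, to show that only the first matches a responder that sent 1s. Assumptions: the PRF is HMAC-SHA-256, SK_pr and the FQDN are constructed sample values, all function names are hypothetical, and the rest of the AUTH calculation that consumes MACedIDForR is omitted.

```python
import hashlib
import hmac
import struct

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated PRF is HMAC-SHA-256.
    return hmac.new(key, data, hashlib.sha256).digest()

def rest_of_resp_id_payload(idr: bytes) -> bytes:
    """ID Type | RESERVED | Identification Data, byte-for-byte as received.

    idr is the full IDr payload, including the 4-byte generic payload header.
    """
    if len(idr) < 8:
        raise ValueError("IDr payload too short for header, ID Type and RESERVED")
    (length,) = struct.unpack_from("!H", idr, 2)
    if length != len(idr):
        raise ValueError("Payload Length does not match the received bytes")
    return idr[4:]

def maced_id_for_r(sk_pr: bytes, idr: bytes) -> bytes:
    """Correct: feed the PRF the exact wire contents, RESERVED included."""
    return prf(sk_pr, rest_of_resp_id_payload(idr))

def maced_id_for_r_zeroed(sk_pr: bytes, idr: bytes) -> bytes:
    """Mistaken: rebuild the payload body with RESERVED forced to zero."""
    body = rest_of_resp_id_payload(idr)
    return prf(sk_pr, body[:1] + b"\x00\x00\x00" + body[4:])

# Constructed sample values, not taken from any real exchange.
SK_PR = bytes(range(32))
ID_FQDN = 2

def build_idr(reserved: bytes, fqdn: bytes = b"responder.example.org") -> bytes:
    body = bytes([ID_FQDN]) + reserved + fqdn
    return struct.pack("!BBH", 39, 0, 4 + len(body)) + body  # 39 = next payload AUTH

def initiator_matches(reserved: bytes, compute) -> bool:
    """Does the initiator's value equal what the responder computed over its own bytes?"""
    idr = build_idr(reserved)
    responder_value = prf(SK_PR, idr[4:])
    return hmac.compare_digest(compute(SK_PR, idr), responder_value)

if __name__ == "__main__":
    for reserved in (b"\x00\x00\x00", b"\xff\xff\xff"):
        print(reserved.hex(), initiator_matches(reserved, maced_id_for_r),
              initiator_matches(reserved, maced_id_for_r_zeroed))
```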
