On Thu, 2010-07-01 at 14:35 -0400, Dan McDonald wrote:
> On Thu, Jul 01, 2010 at 01:02:20PM -0500, Joy Latten wrote:
> <SNIP!>
> > I am thinking it can be concluded that responder computed MACedIDForR with
> > 1's in the RESERVED field.
>
> That seems valid (though clearly the implementation who sends 1s is violating
> Postel's Law, but you did say it's a TAHI test...).
>
> > Initiator needs to compute MACedIDForR to verify the MACedIDForR
> > he received from responder. Should he use the IDr payload responder sent
> > with 1's in RESERVED field?
>
> Yes, that's how I interpreted it. You can't rewrite bits that are fed into
> an off-the-wire authentication calculation.
>
> > Or does "ignoring content" of RESERVED field mean initiator
> > can safely assume/build the IDr payload using 0's for RESERVED field
> > when he computes MACedIDForR? Of course in this case the authentication
> > will fail... would that be expected behaviour?
>
> Postel's Law ("Be conservative in what you send, be liberal in what you
> receive.") would suggest you compute the authentication with the EXACT
> contents of what was on the wire.
>

Ahh, ok. Good explanation! :-) Thanks! Guess I need to fix some code. :-)
regards,
Joy
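Added example, not part of the original thread or of any implementation discussed in it: a sketch of the MACedIDForR check over the IDr payload body (ID Type, three RESERVED octets, Identification Data), computed once from the exact received octets and once with RESERVED rewritten to zero. Assumptions: the prf is HMAC-SHA1, the key and payload are constructed sample values, `build_id_payload` and `verify` are hypothetical helpers, and the MAC is compared directly instead of being fed into the full AUTH computation.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: PRF_HMAC_SHA1 was negotiated; the thread does not name the prf.
    return hmac.new(key, data, hashlib.sha1).digest()

def rest_of_id_payload(payload: bytes) -> bytes:
    """Return ID Type | RESERVED (3 octets) | Identification Data as received,
    i.e. the ID payload minus its 4-octet generic payload header."""
    if len(payload) < 8:
        raise ValueError("ID payload shorter than its fixed fields")
    length = int.from_bytes(payload[2:4], "big")
    if length < 8 or length > len(payload):
        raise ValueError("payload length field out of range")
    return payload[4:length]

def maced_id(sk_p: bytes, id_payload: bytes, zero_reserved: bool = False) -> bytes:
    body = rest_of_id_payload(id_payload)
    if zero_reserved:
        # Mistaken reading of "ignore RESERVED": rebuild the body with zeros.
        body = body[:1] + b"\x00\x00\x00" + body[4:]
    return prf(sk_p, body)

def build_id_payload(id_type: int, reserved: bytes, id_data: bytes) -> bytes:
    # Hypothetical helper standing in for the peer that sets RESERVED bits.
    body = bytes([id_type]) + reserved + id_data
    return bytes([39, 0]) + (4 + len(body)).to_bytes(2, "big") + body  # 39 = AUTH next

SK_PR = bytes(range(20))          # constructed key, not a real SK_pr
ID_FQDN = 2
WIRE_IDR = build_id_payload(ID_FQDN, b"\xff\xff\xff", b"responder.example")

def verify(wire_idr: bytes, received_mac: bytes) -> tuple:
    """Return (match using exact wire octets, match after zeroing RESERVED)."""
    exact = hmac.compare_digest(maced_id(SK_PR, wire_idr), received_mac)
    zeroed = hmac.compare_digest(maced_id(SK_PR, wire_idr, True), received_mac)
    return exact, zeroed

if __name__ == "__main__":
    responder_mac = maced_id(SK_PR, WIRE_IDR)   # responder MACs what it sent
    print(verify(WIRE_IDR, responder_mac))
```

Keeping the received payload bytes in a buffer and feeding that buffer to the prf, instead of re-serializing a parsed structure, avoids the mismatch.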