$OpenBSD: QUESTIONS,v 1.3 1998/11/17 11:10:06 niklas Exp $ $EOM: QUESTIONS,v 1.12 1998/10/11 17:11:06 niklas Exp $ Does the spec limit the count of SA payloads in a message? Where if so? [ Only the specific IKE main mode does. In the IKE spec.] The message ID field of the header, can it be considered a SA identifier if used together with the cookiepair? [Yes, it is meant to be that] DOI 0, what protocols are defined for it? Where? Isn't this a potential DOS attack: Hostile user listens for ISAKMP traffic, and then extracts cookiepairs and message IDs which he uses to flood any of the peers with spoofed packets pretending to be the other one. Most probably these packets will result in error notifications which potentially result in SA tear-down? Maybe should notifications never be issued for erroneous packets which cannot be authenticated? Or should we not tear down SAs as results of notifications? Certicom claims to hold licenses for Elliptic Curve Cryptography? Does this concern us? See: http://grouper.ieee.org/groups/p1363/patents.html Main mode when using public key encryption authentication does not look like an identity protection exchange to me. Must I really get rid of the generic ISAKMP payload presense tests? IV generation is not described precisely in Appendix B of -oakley-08.txt: 'Subsequent messages MUST use the last CBC encryption block from the previous message as their IV'. This probably means that we take the new IV from the last encrypted block of the last message we sent. The SSH testing site uses the last block from the last message they received. This is probably not what was meant and should be clarified on ipsec@tis.com. [ From what we have gathered this is what is meant. ]