[anonsec] question: ID payload in BTNS IKE negotiation
Michael Richardson
mcr at sandelman.ca
Sun May 13 16:51:50 PDT 2007
Shinta Sugimoto wrote:
> In BTNS IKE negotiation, what should the ID payload (IDi/IDr) be?
> I understand that the public key is the instance which represents
> the identity of the host in BTNS. But reading the spec, I did not fully
To first order, it shouldn't matter, however that will lead to
interoperability issues.
My suggestion is that it should be IPV4/IPV6_ID of the host.
> understand how IKE negotiation is done, in particular the usage of the ID
> payload. My interpretation of the spec is that the identity of
> a peer (=public key) is represented by the CERT payload. If so,
> what is the role of the ID payload in BTNS IKE negotiation?
> And what should be included in the IDi, IDr?
The ID payload tells you how to look up the policy in the PAD.
You will have to look into the PAD at least, to discover that you had no
explicit policy for this peer, and that therefore it should be put into
the "BTNS" category.
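
The PAD lookup described in the reply above, as an added example that is not part of the original message and not code from any IKE implementation. It assumes an ordered PAD whose last entry is a catch-all for BTNS peers; the PadEntry structure, the entry names, the auth labels and the sample addresses are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# IKEv2 ID type values carried in the ID payload
ID_IPV4_ADDR, ID_FQDN, ID_IPV6_ADDR = 1, 2, 5

@dataclass(frozen=True)
class PadEntry:              # hypothetical structure, not from any IKE daemon
    name: str
    id_type: Optional[int]   # None matches any ID type (wildcard)
    id_match: Optional[str]  # CIDR for address IDs, exact string otherwise
    auth: str                # authentication the peer must complete
    category: str

# Constructed sample PAD: explicit entries first, BTNS catch-all last.
PAD = [
    PadEntry("hq-gateway", ID_FQDN, "gw.example.net", "certificate", "authenticated"),
    PadEntry("branch-net", ID_IPV4_ADDR, "192.0.2.0/24", "psk", "authenticated"),
    PadEntry("btns", None, None, "bare-public-key", "BTNS"),
]

def _matches(entry, id_type, id_value):
    if entry.id_type is None:
        return True
    if entry.id_type != id_type:
        return False
    if id_type in (ID_IPV4_ADDR, ID_IPV6_ADDR):
        return ipaddress.ip_address(id_value) in ipaddress.ip_network(entry.id_match)
    return entry.id_match.lower() == id_value.lower()

def pad_lookup(pad, id_type, id_value):
    """Return the first PAD entry matching the peer's asserted ID."""
    return next((e for e in pad if _matches(e, id_type, id_value)), None)

def categorize(pad, id_type, id_value, completed_auth):
    """Category for the peer, or None if it did not authenticate the way
    the first matching entry requires (no fall-through to BTNS)."""
    entry = pad_lookup(pad, id_type, id_value)
    if entry is None or entry.auth != completed_auth:
        return None
    return entry.category

if __name__ == "__main__":
    for args in [(ID_IPV4_ADDR, "198.51.100.9", "bare-public-key"),
                 (ID_IPV4_ADDR, "192.0.2.17", "bare-public-key"),
                 (ID_IPV4_ADDR, "192.0.2.17", "psk")]:
        print(args, "->", categorize(PAD, *args))
```

In this sketch a peer whose asserted ID matches an explicit entry is held to that entry's authentication method, so asserting a configured address while presenting only a bare public key is rejected rather than downgraded to the BTNS category.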