Hi Andrew,
<https://datatracker.ietf.org/doc/html/rfc7383#section-2.5.3> https://datatracker.ietf.org/doc/html/rfc7383#section-2.5.3 Currently, there are no IKEv2 exchanges that define messages, containing both unprotected payloads and payloads, that are protected by the Encrypted payload. However, IKEv2 does not prohibit such construction. If some future IKEv2 extension defines such a message and it needs to be fragmented, all unprotected payloads MUST be placed in the first fragment (with the Fragment Number field equal to 1), along with the Encrypted Fragment payload, which MUST be present in every IKE Fragment message and be the last payload in it. Below is an example of a fragmenting message that contains both protected and unprotected payloads. HDR(MID=n), PLD0, SK(NextPld=PLD1) {PLD1 ... PLDN} Original Message HDR(MID=n), PLD0, SKF(NextPld=PLD1, Frag#=1, TotalFrags=m) {...}, ... IKE Fragment Messages Perhaps I'm confused by the terminology, but I can't see how to construct a message containing both SK/SKF and unprotected payloads. My understanding is that the HDR and PLD0 are "integrity [cryptographically] protected" by: https://datatracker.ietf.org/doc/html/rfc7383#section-2.5.3 o Integrity Checksum Data is the cryptographic checksum of the entire message starting with the Fixed IKE header through the Pad Length. The checksum MUST be computed over the encrypted message. Its length is determined by the integrity algorithm negotiated. while PLD1... are additionally encrypted (encrypt then sign). That's correct. Sure, RFC uses not quite accurate wordings, because by "unprotected" here it is meant "unencrypted". Integrity protection is provided over the whole message. Regards, Valery.
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
