RFC 2407: The Internet IP Security Domain of Interp...
RFC-Ref

Security Association



... The Internet Security Association and Key Management Protocol (ISAKMP) defines a framework ...
... (ISAKMP) defines a framework for security association management and cryptographic key ...
... IP uses ISAKMP to negotiate security associations. ...


... group related protocols using ISAKMP to negotiate security associations. Security protocols sharing a DOI choose security protocol ...
... identifiers. They also share a common interpretation of DOI-specific payload data content, including the Security Association and Identification payloads. ...


... the responder to make a policy determination about how to process the incoming Security Association request. For the IPSEC DOI, the Situation field is a four (4) octet bitmask with the following ...
... The SIT_IDENTITY_ONLY type specifies that the security association will be identified by source identity information present in an ...
... The SIT_SECRECY type specifies that the security association is being negotiated in an environment that requires labeled secrecy. If SIT ...
... variable-length data that includes a sensitivity level and compartment bitmask. See Section 4.6.1 for a complete description of the Security Association Payload format. ...
... SUPPORTED Notification Payload SHOULD be returned and the security association setup MUST be aborted. ...
... The SIT_INTEGRITY type specifies that the security association is being negotiated in an environment that requires labeled integrity. ...
... follows the variable-length secrecy level and categories. See section 4.6.1 for a complete description of the Security Association Payload format. ...
... SUPPORTED Notification Payload SHOULD be returned and the security association setup MUST be aborted. ...
... ESP, and IPCOMP Transform Identifiers, Security Association Attribute Type Values, Labeled Domain Identifiers ...
... Specifies the time-to-live for the overall security association. When the SA expires, all keys negotiated under the association ...
... Notification Payload SHOULD be returned and the security association setup MUST be aborted. ...
... IPSEC DOI attribute (or attribute value) which it does not support, an ATTRIBUTES-NOT-SUPPORT SHOULD be sent and the security association setup MUST be aborted, unless the attribute value is in the reserved range. ...
... Security Association Payload ...
... The following diagram illustrates the content of the Security Association Payload for the IPSEC DOI. See Section 4.2 for a description of the Situation bitmap. ...
... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: Security Association Payload Format The Security Association Payload ...
... Security Association Payload Format The Security Association Payload is defined as follows: o Next Payload ...
... o Situation (4 octets) - Bitmask used to interpret the remainder of the Security Association Payload. See Section 4.2 for a complete list of values. ...
... The following table lists the assigned values for the Labeled Domain Identifier field contained in the Situation field of the Security Association Payload. ...
... Identification Payload is used to identify the initiator of the Security Association. The identity of the initiator SHOULD be used ...
... set to zero or to UDP port 500. If an implementation receives any other values, this MUST be treated as an error and the security association setup MUST be aborted. This event SHOULD be auditable. ...


... Maughan, D., Schertler, M., Schneider, M., and J. Turner, "Internet Security Association and Key Management Protocol (ISAKMP)", RFC 2408(-> 4306prop), November 1998. ...


