125   Figure 24 Phase 1 Informational Exchange

Created: 01 Aug 2025

Status: Approval (Editorial)

Part: Part 9 (2023, Edition2)

Links:

Page: 82

Clause: Figure 24

Paragraph: Figure 24

Issue

Since in IEC 62351-9 we are requiring that Phase 1 Informational Exchange is always sent unencrypted, regardless of the fact that keying material has been exchanged, it would be more appropriate to indicate that no encryption occurs also in figure 24 by removing the "*" symbol after HDR.

Proposal

Update Figure 24 as per the attachment.

Discussion Created Status
Accepted as information change as it basically reflects the referenced RFC 2408 behavior
18 Dec 25 Approval (Editorial)
Discussed during TF Meeting on December 18, 2025:

Change the last sentence in 8.4.2.1 to the following, and add the note:

The phase 1 informational exchange message shall have the Message ID field in the ISAKMP header set to 0. Note, that according to RFC 2408 the Informational Exchange may be sent unprotected, if it occurs prior to the exchange of keying material during an ISAKMP Phase 1 negotiation.
18 Dec 25 Discussion (red)
Please also note that, at the end of clause "8.4.2.1 General", we have the text: "The phase 1 informational exchange message shall have the Message ID field in the ISAKMP header set to 0 and shall not be encrypted.".


So, the content of the proposed note might be used to replace the above-mentioned text.
08 Sep 25 Accepted
I also believe it is well explained in RFC 2408. So, if we add the note, as suggested by Steffen, that provides enough clarification.
08 Sep 25 Accepted
Figure 24 was taken from RFC 2408 as noted by Herb.

Nevertheless, according to the RFC 2408, section 4.8, there are two cases:
If the Informational Exchange occurs prior to the exchange of keying
material during an ISAKMP Phase 1 negotiation, there will be no
protection provided for the Informational Exchange. Once keying
material has been exchanged or an ISAKMP SA has been established, the
Informational Exchange MUST be transmitted under the protection
provided by the keying material or the ISAKMP SA.

We implicitly state that also in IEC 62351-9 clause 8.4.2 by referencing the RFC 2408. Specifically for the notification and delete payload.

What may be added is a note to figure 24 to have an explicit statement for the protection. Proposal to include the following note:

Note, that according to RFC 2408 the Informational Exchange may be sent unprotected, if it occurs prior to the exchange of keying material during an ISAKMP Phase 1 negotiation.

If this addition is accepted, I would propose to handle it as an editorial improvement.
04 Sep 25 Accepted
Forgot to add the notation definition, and the HDR* is needed. From RFC 2409:
"HDR is an ISAKMP header whose exchange type is the mode. When
written as HDR* it indicates payload encryption."
01 Aug 25 Triage
I disagree with the change as the diagram is from RFC 2409. It would cause misalignment with the RFC. See top of page 11 of the RFC
01 Aug 25 Triage
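
An added example, not part of this tissue, of IEC 62351-9 or of the RFCs: a Python check of an ISAKMP header against the rules discussed above (Message ID 0 from 8.4.2.1, and the two cases of RFC 2408 section 4.8). The function names, the `keying_material_exchanged` parameter, the sample messages and the reading of "protection" as the E flag (HDR*) are assumptions made for illustration; the header layout and flag value are from RFC 2408.

```python
import struct

# ISAKMP header, RFC 2408 section 3.1: cookies, next payload, version,
# exchange type, flags, Message ID, total length (28 bytes, network order).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCH_INFORMATIONAL = 5   # RFC 2408 exchange type value
FLAG_ENCRYPTION = 0x01   # E bit; set means "HDR*" in the RFC 2409 notation

def build_message(flags, msg_id, body=b"\x00" * 12):
    """Constructed sample: Informational message with placeholder payload bytes."""
    return ISAKMP_HDR.pack(b"I" * 8, b"R" * 8, 11, 0x10, EXCH_INFORMATIONAL,
                           flags, msg_id, ISAKMP_HDR.size + len(body)) + body

def check_phase1_informational(datagram, keying_material_exchanged):
    """Return the header notation and any deviations from the rules above.

    keying_material_exchanged is an assumption of this example: the caller
    supplies it from its own Phase 1 state, it cannot be read off the wire.
    """
    if len(datagram) < ISAKMP_HDR.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    (_icookie, _rcookie, _next, _version, exch, flags,
     msg_id, length) = ISAKMP_HDR.unpack_from(datagram)
    encrypted = bool(flags & FLAG_ENCRYPTION)
    findings = []
    if exch != EXCH_INFORMATIONAL:
        findings.append(f"exchange type {exch} is not Informational")
    if msg_id != 0:
        findings.append(f"Message ID {msg_id:#010x} is not 0")
    if length != len(datagram):
        findings.append(f"length field {length} != datagram size {len(datagram)}")
    if keying_material_exchanged and not encrypted:
        findings.append("E bit clear after keying material was exchanged")
    if encrypted and not keying_material_exchanged:
        findings.append("E bit set before any keying material exists")
    return {"notation": "HDR*" if encrypted else "HDR", "findings": findings}

if __name__ == "__main__":
    # Constructed cases: (flags, Message ID, keying material exchanged?)
    for flags, msg_id, keyed in [(0, 0, False), (1, 0, True), (0, 0, True), (1, 7, False)]:
        print(flags, msg_id, keyed,
              check_phase1_informational(build_message(flags, msg_id), keyed))
```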
