2.2.3.3 GSS_ID 0x86 Payload Packet

In IKEv1, the identity information is passed between peers as an attribute of the security association (SA) in the form of an identity payload, as specified in [RFC2408] section 3.8. In the Authenticated Internet Protocol, a separate payload is used to convey identity information in the form of a security principal name.

The following diagram shows the GSS_ID 0x86 payload packet structure.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Security Principle Name (variable)

...

Security Principle Name (variable): The GSS-API representation of a security principal name, as specified in [MS-KILE] section 3.1.5.11. The security principal name sent MUST be a Unicode string. The security principal name MUST NOT contain the NULL string terminator. All authentication mechanisms MUST use this representation of the security principal name.
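
The following is an added example, not part of the specification, showing how a receiver or sender could enforce the two rules above on the Security Principle Name field. It assumes that "Unicode string" means UTF-16LE and that the caller has already isolated the field bytes; the function names and sample values are hypothetical.

```python
# Added example (not from the specification): strict handling of the
# Security Principle Name field of a GSS_ID payload.


class GssIdError(ValueError):
    """The field violates a MUST / MUST NOT rule from the text above."""


def parse_gss_id_body(body: bytes) -> str:
    """Decode the variable-length field and enforce the stated rules.

    Assumptions: "Unicode string" is UTF-16LE, and `body` holds only the
    field itself (any enclosing payload header was removed by the caller).
    """
    if len(body) % 2:
        raise GssIdError("odd length: not whole UTF-16 code units")
    try:
        name = body.decode("utf-16-le", errors="strict")
    except UnicodeDecodeError as exc:  # e.g. an unpaired surrogate
        raise GssIdError(f"not well-formed UTF-16LE: {exc.reason}") from exc
    # Strict reading: reject U+0000 anywhere, not only at the end, because
    # length-based and terminator-based consumers would see different names.
    if "\x00" in name:
        raise GssIdError("contains a NULL string terminator")
    return name


def build_gss_id_body(name: str) -> bytes:
    """Encode a name for sending, refusing an embedded terminator."""
    if "\x00" in name:
        raise GssIdError("name must not contain a NULL string terminator")
    return name.encode("utf-16-le")


def is_valid_gss_id_body(body: bytes) -> bool:
    """True when parse_gss_id_body accepts the field bytes."""
    try:
        parse_gss_id_body(body)
    except GssIdError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample values, not taken from any capture.
    good = build_gss_id_body("host/server1.example.com")
    samples = {"well-formed": good, "terminated": good + b"\x00\x00",
               "odd length": good[:-1], "lone surrogate": b"\x00\xd8A\x00"}
    for label, body in samples.items():
        print(f"{label:15} valid={is_valid_gss_id_body(body)}")
```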