3.6.1 Abstract Data Model

This section describes a conceptual model of possible data organization that an implementation maintains to participate in this protocol. The described organization is provided to explain how the protocol behaves. This document does not mandate that implementations adhere to this model as long as their external behaviors are consistent with what is described in this document. This is an extension to IKE Protocol version 1 as specified in [RFC2409].

The data elements any implementation requires include the following:

• Main mode security association database (MMSAD):

  For each MM SA (as specified in [RFC2409]), the following information MUST be maintained:

  • All IKE states necessary for managing an IKE MM SA, without extensions.

  • All states necessary for managing other IKE extensions for the SA, as specified in sections 3.1.1 and 3.6.1.

  • Initial Contact: A flag indicating if the "Vid-Initial-Contact" vendor ID payload (see section 3.5.4.1) has been received for the MM SA.

    The MMSAD MUST be indexed by the local and peer IP addresses and the initiator and responder (1) cookies found in the ISAKMP header (as specified in [RFC2408]).

Note The preceding conceptual data can be implemented by using a variety of techniques. An implementation is at liberty to implement such data in any way it pleases.