Proxy ID and RFC

Hi, can someone tell me if the concept of proxyID in IKE Phase2 is from any RFC? If yes, which one is it? If no, who was the first vendor to come up with this idea?

Thanks and Regards, Prashant

Reply to
pvsnmp

The phrase "proxy ID" isn't explicitly used in the various IPsec-related RFCs. However, it was used by members of the IPsec mailing list and in various drafts of what became IPsec RFCs. For example, the following section is taken from draft-ietf-ipsec-isakmp-oakley-05.txt, section 5.6 titled "Phase 2 - Quick Mode" :-

If ISAKMP is acting as a proxy negotiator on behalf of another party the identities of the parties MUST be passed as IDui and then IDur. Local policy will dictate whether the proposals are acceptable for the identities specified.

...

The proxy identities are used to identify and direct traffic to the appropriate tunnel in cases where multiple tunnels exist between two peers and also to allow for unique and shared SAs with different granularities. Local policy will determine whether packets which do not match the proxy information on which a tunnel was created will be forwarded upon leaving the tunnel.

The language changed considerably by the time RFC 2408 and 2409 were created and the above sections do not appear. The main references to "proxy" left are in RFC 2408 section 4.1 :-

IDx is the identity payload for "x". x can be: "ii" or "ir" for the ISAKMP initiator and responder, respectively, or x can be: "ui", "ur" (when the ISAKMP daemon is a proxy negotiator), for the user initiator and responder, respectively.

and RFC 2409 section 7.2 :-

The following payloads are exchanged in the first round of Quick Mode with ISAKMP SA negotiation. In this hypothetical exchange, the ISAKMP negotiators are proxies for other parties which have requested authentication.

Reply to
Stephen J. Bevan
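
The traffic-steering role described in the draft text quoted above, as an added Python illustration that is not part of the original posts or of any RFC or vendor implementation. The class and function names, the sample subnets, the "most specific proxy ID wins" rule and the strict drop policy for decapsulated packets are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ProxyId:
    """One Quick Mode proxy identity: subnet, IP protocol, port (0 = any)."""
    net: ipaddress.IPv4Network
    proto: int = 0
    port: int = 0

    def covers(self, addr, proto, port):
        return (ipaddress.ip_address(addr) in self.net
                and self.proto in (0, proto) and self.port in (0, port))

@dataclass(frozen=True)
class Tunnel:
    name: str
    local: ProxyId    # identity negotiated for hosts behind this gateway
    remote: ProxyId   # identity negotiated for hosts behind the peer

    def specificity(self):
        # Assumption: longer prefixes and pinned proto/port mean a finer SA.
        ids = (self.local, self.remote)
        return (sum(i.net.prefixlen for i in ids),
                sum(bool(i.proto) + bool(i.port) for i in ids))

def select_tunnel(tunnels, src, dst, proto, sport, dport):
    """Outbound: pick the finest-grained tunnel whose proxy IDs cover the flow."""
    hits = [t for t in tunnels
            if t.local.covers(src, proto, sport)
            and t.remote.covers(dst, proto, dport)]
    return max(hits, key=Tunnel.specificity, default=None)

def accept_decapsulated(tunnel, src, dst, proto, sport, dport):
    """Inbound, strict local policy: the inner packet must match the
    proxy IDs the tunnel was created with, otherwise it is dropped."""
    return (tunnel.remote.covers(src, proto, sport)
            and tunnel.local.covers(dst, proto, dport))

def pid(cidr, proto=0, port=0):
    return ProxyId(ipaddress.ip_network(cidr), proto, port)

# Constructed sample: two tunnels between the same pair of gateways.
TUNNELS = [
    Tunnel("lan-to-lan", pid("10.1.0.0/16"), pid("10.2.0.0/16")),
    Tunnel("db-only", pid("10.1.5.0/24", 6), pid("10.2.9.10/32", 6, 5432)),
]

if __name__ == "__main__":
    print(select_tunnel(TUNNELS, "10.1.5.7", "10.2.9.10", 6, 40000, 5432).name)
```
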

Hi, thanks a lot. Regards, Prashant

Reply to
pvsnmp
