Yaron Sheffer writes: > >From Appendix C: The specification does not say which messages can contain > N(SET_WINDOW_SIZE). It can possibly be included in any message, but it is > not yet shown below. > > SF discussion: Paul said, "wherever you wish."
I agree on that. Logical places are: 1) In separate the INFORMATIONAL exchange immediately after IKE_AUTH or IKE SA rekey CREATE_CHILD_SA to set the initial window. 2) In the IKE_AUTH or in the IKE SA rekey CREATE_CHILD_SA to set initial window. I do not think there is any need to prefer either one of those two locations. Usually the window size is something that is set once after the IKE SA is created (and after it is rekeyed), and it will never be changed after that. -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
