I see that in section 6 the following: In such cases, the gateway should send the REDIRECT notification payload in the final IKE_AUTH response message that carries the AUTH payload and the traffic selectors. The gateway MUST NOT send and the client MUST NOT accept a redirect in an earlier IKE_AUTH message.
I like that, and that was my position earlier, but wasn't the conclusion at San Francisco that the REDIRECT could come in either the first AUTH response (where we know the ID the client is using, temporary or not) *OR* in the last response? When did we decide to not allow it in the first resopnse? Other than that, I think the document is fine and ready for publication. Yaron Sheffer wrote: > This is a 2 week working group last call for > draft-ietf-ipsecme-ikev2-redirect-08. The target status for > this document is Proposed Standard. This is the document's > second last call, following comments by a number of people > and several document revisions. > > Please send your comments to the ipsec list by April 30, > 2009, as follow-ups to this message. > > Please clearly indicate the position of any issue in the > Internet Draft, and if possible provide alternative text. > Please also indicate the nature or severity of the error or > correction, e.g. major technical, minor technical, nit, so > that we can quickly judge the extent of problems with the document. > > The document can be accessed here: > http://tools.ietf.org/html/draft-ietf-ipsecme-ikev2-redirect-08. > > Thanks, > Yaron Email secured by Check Point _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
