If an implementation decides to send the INVALID_MESSAGE_ID notification, shoild it ONLY send this after an IKE_AUTH exchange has been completed? It seems to be so as section 2.3 states that an INFORMATIONAL exchange is started, but it is not clear what should be done if a message of the two initial exchanges has an invalid message id (an implementation should always use 0 for IKE_SA_INIT and 1 for IKE_AUTH, but what if this does not happen?)
Regards, Matt _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
