Re: [IPsec] FW: I-D Action:draft-nir-ike-nochild-00.txt

Thu, 21 May 2009 11:43:50 -0700 

Hi Yoav,

1. In section5, why we need N[ADDITIONAL_TS_POSSIBLE] when we want to create
child sa?
2. Also, please mention clearly in draft that what should be the behavior of
responder if a faulty initiator sends modified IKE_AUTH request, even if
responder has not send IKE_AUTH_NO_CHILD VID payload.
3. Also, why its a VID payload, Notify suits better. Because a third party
client will want to connect to some other server. Please give justification
for IKE_AUTH_NO_CHILD to be a VID.

Thanks,
Raj

On Thu, May 21, 2009 at 7:30 PM, Yoav Nir <y...@checkpoint.com> wrote:

> Hi all
>
> Recently there's been some discussions about creating an IKE SA without
> child SAs (on purpose).
>
> I'm still not entirely convinced that this is necessary, but I have
> submitted this draft, and would like to hear comments about it.  Does it
> fill the need that some people on this mailing list expressed?
>
> Thanks
>
> Yoav
>
> -----Original Message-----
> From: i-d-announce-boun...@ietf.org [mailto:i-d-announce-boun...@ietf.org]
> On Behalf Of internet-dra...@ietf.org
> Sent: Thursday, May 21, 2009 3:45 PM
> To: i-d-annou...@ietf.org
> Subject: I-D Action:draft-nir-ike-nochild-00.txt
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>
>        Title           : A Childless Initiation of the IKE SA
>        Author(s)       : Y. Nir
>        Filename        : draft-nir-ike-nochild-00.txt
>        Pages           : 6
>        Date            : 2009-05-21
>
> This document describes an extension to the IKEv2 protocol that allows an
> IKE SA to be created and authenticated without generating a child SA.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-nir-ike-nochild-00.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
>
>
> Email secured by Check Point
>
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
>
>

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to