Hi Yoav,

Please find my inputs:

1. In section 3:

.....
A supporting responder that advertised the VID payload in the IKE_INIT response MUST process a modified IKE_AUTH request, and MUST reply with a modified IKE_AUTH response. Such a responder MUST NOT reply with a modified IKE_AUTH response if the initiator did not send a modified IKE_AUTH request.

A supporting responder that has been configured not to support this extension to the protocol MUST behave as the same as if it didn't support this extension. It MUST NOT advertise the capability with a VID payload, and it SHOULD reply with an INVALID_SYNTAX Notify payload if the client sends an IKE_AUTH request that is modified as described in Section 5.
....

It does not fully clarify the exact behavior of the responder if a faulty initiator sends a modified IKE_AUTH request without the responder sending NO_CHILD in the IKE_SA_INIT response. In that case, should the responder bring up only the IKE SA and send a modified response, or send an INVALID_SYNTAX notify and tear down the SA? More clarity is needed here. Also, we can replace SHOULD with MUST for INVALID_SYNTAX.

2. In the whole document, the IKE_SA_INIT exchange has been termed IKE_INIT; change it to IKE_SA_INIT.

3. In section 4, the hash string "Can do IKE_AUTH without child SA payloads also" seems closer to what the draft says :-)

Thanks & Regards,
Raj

On Thu, Jun 18, 2009 at 2:38 AM, Yoav Nir <y...@checkpoint.com> wrote:

> Hi all
>
> version -02 of this private submission draft, with two additional
> co-authors and some more use cases.
>
> Enjoy
>
> Yoav
> ________________________________________
> From: i-d-announce-boun...@ietf.org [i-d-announce-boun...@ietf.org] On
> Behalf Of internet-dra...@ietf.org [internet-dra...@ietf.org]
> Sent: Thursday, June 18, 2009 00:00
> To: i-d-annou...@ietf.org
> Subject: I-D Action:draft-nir-ike-nochild-02.txt
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>
>     Title     : A Childless Initiation of the IKE SA
>     Author(s) : Y. Nir, et al.
>     Filename  : draft-nir-ike-nochild-02.txt
>     Pages     : 7
>     Date      : 2009-06-17
>
> This document describes an extension to the IKEv2 protocol that
> allows an IKE SA to be created and authenticated without generating a
> child SA.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-nir-ike-nochild-02.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
>
> Email secured by Check Point
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec