Hi Yoav,

On Thu, Jun 18, 2009 at 11:24 AM, Raj Singh <rsjen...@gmail.com> wrote:
> Hi Yoav,
>
> Please find my inputs:
>
> 1. In section 3:
>
> .....
>
>    A supporting responder that advertised the VID payload in the
>    IKE_INIT response MUST process a modified IKE_AUTH request, and MUST
>    reply with a modified IKE_AUTH response. Such a responder MUST NOT
>    reply with a modified IKE_AUTH response if the initiator did not send
>    a modified IKE_AUTH request.
>
>    A supporting responder that has been configured not to support this
>    extension to the protocol MUST behave as the same as if it didn't
>    support this extension. It MUST NOT advertise the capability with a
>    VID payload, and it SHOULD reply with an INVALID_SYNTAX Notify
>    payload if the client sends an IKE_AUTH request that is modified as
>    described in Section 5.
>
> ....
>
> It does not fully clarify exactly the behavior of the responder if a
> faulty initiator sends a modified IKE_AUTH request without the responder
> sending NO_CHILD in the IKE_SA_INIT response? In that case, should the
> responder bring UP only the IKE SA and send a modified response, or send
> an INVALID_SYNTAX notify and tear down the SA? More clarity is needed
> here. Also, we can replace SHOULD with MUST for INVALID_SYNTAX.
>
> 2. In the whole document, the IKE_SA_INIT exchange has been termed
> IKE_INIT; change it to IKE_SA_INIT.
>
> 3. In section 4, the hash string "Can do IKE_AUTH without child SA payloads
> also" seems to be closer to what the draft says :-)

Also please make a mention of the hashing algorithm for completeness.

> Thanks & Regards,
> Raj

With Regards,
Raj

> On Thu, Jun 18, 2009 at 2:38 AM, Yoav Nir <y...@checkpoint.com> wrote:
>
>> Hi all
>>
>> version -02 of this private submission draft, with two additional
>> co-authors and some more use cases.
>>
>> Enjoy
>>
>> Yoav
>> ________________________________________
>> From: i-d-announce-boun...@ietf.org [i-d-announce-boun...@ietf.org] On
>> Behalf Of internet-dra...@ietf.org [internet-dra...@ietf.org]
>> Sent: Thursday, June 18, 2009 00:00
>> To: i-d-annou...@ietf.org
>> Subject: I-D Action:draft-nir-ike-nochild-02.txt
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>>
>>         Title     : A Childless Initiation of the IKE SA
>>         Author(s) : Y. Nir, et al.
>>         Filename  : draft-nir-ike-nochild-02.txt
>>         Pages     : 7
>>         Date      : 2009-06-17
>>
>> This document describes an extension to the IKEv2 protocol that
>> allows an IKE SA to be created and authenticated without generating a
>> child SA.
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-nir-ike-nochild-02.txt
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> Below is the data which will enable a MIME compliant mail reader
>> implementation to automatically retrieve the ASCII version of the
>> Internet-Draft.
>>
>> Email secured by Check Point
>>
>> _______________________________________________
>> IPsec mailing list
>> IPsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipsec