#22 - Add section on simultaneous IKE SA rekey
There was no discussion. We will bring this up one more time
because it is important, but if there is not more interest and
more inclination to review Tero's text, we will write a short
note in the document that simultaneous IKE SA rekey is an issue
but nothing else.
#26 - Missing treatment of error cases
Will use Tero's last wording as a proposed way forward. There is
an open issue about what other payloads might or might not be in
the error responses, so we will leave the issue open for
discussion after the draft with the new wording is posted. I also
copy editied the section, so it needs to be reviewed.
#28 - Obtaining src/dest IP addresses for UDP-encapsulated transport mode ESP
Added Tero's text as section 2.23.1. Changed one MUST to a MAY
based on the discussion with Scott. Note that I removed any
mention of RFC 3947, which is not part of IKEv2. I also heavily
copy edited the section, so it needs to be reviewed.
#79 - Remove CP from Create_Child_SA?
There was no agreement on this. We should probably close out the issue
unless those interested can agree on the semantics.
#107 - Sending certificate chains in IKEv2
Fixed in -05. Added "Note that with this encoding, if a chain of
certificates needs to be sent, multiple CERT payloads are used,
only the first of which holds the public key used to validate
the sender's AUTH payload."
--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
