Thanks for the two editorial notes; fixed. We want more input on the following:
At 3:28 PM +0300 9/21/09, Tero Kivinen wrote:
>>   <t>NOTE FOR WG DISCUSSION: Having other payloads in the message is
>>   allowed but there are none suggested. One WG member mentioned the
>>   possibility of adding a DELETE payload when the error is sent in a
>>   separate INFORMATIONAL exchange. Do we want to allow such additional
>>   payloads that have operational semantics?</t>
>
>As I do not see any other reason to start new informational exchange
>when processing IKE_AUTH reply than fatal errors when creating it
>(i.e. AUTHENTICATION_FAILED) which already deletes the IKE SA, I do
>not see any benefit from adding DELETE notification to the message. It
>would be saying the same thing twice: "There was fatal error delete
>the sa, and by the way delete the sa."

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec