Resending the query again, as I did not see any response to this query.
It looks like an additional EAP ID request to the client is not needed, so I think we should move the "should" to "SHOULD" again. Any thoughts?

Thanks,
Srinivas

From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Srinivasu S R S Dhulipala (srinid)
Sent: Monday, November 09, 2009 3:12 PM
To: ipsec@ietf.org
Subject: [IPsec] EAP Identity request in IKEv2

Hi,

I see that RFC4306 has the following lines at the end of Sec3.16:

   Note that since IKE passes an indication of initiator identity in
   message 3 of the protocol, the responder SHOULD NOT send EAP Identity
   requests. The initiator SHOULD, however, respond to such requests if
   it receives them.

I see that from draft-ietf-ipsecme-ikev2bis-01, "SHOULD" and "SHOULD NOT" were demoted to "should" and "should not"; the text now looks as below:

   {{ Demoted the SHOULD NOT and SHOULD }} Note that since IKE passes an
   indication of initiator identity in message 3 of the protocol, the
   responder should not send EAP Identity requests. The initiator may,
   however, respond to such requests if it receives them.

Also, "The initiator SHOULD" is now "The initiator may".

I would like to understand why these changes were done. Why do we need to do an EAP-ID request as IDi should carry an indication of the client's identity?

Thanks,
Srinivas
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec