> Looks good to me.

Agreed.

Scott Moonen (smoo...@us.ibm.com)
z/OS Communications Server TCP/IP Development
http://www.linkedin.com/in/smoonen



From: Yaron Sheffer <yar...@checkpoint.com>
To: Paul Hoffman <paul.hoff...@vpnc.org>, IPsecme WG <ipsec@ietf.org>
Date: 12/28/2009 11:08 AM
Subject: Re: [IPsec] Clarifying what happens with INITIAL_CONTACT



Looks good to me.

                 Yaron

-----Original Message-----
From: Paul Hoffman [mailto:paul.hoff...@vpnc.org] 
Sent: Monday, December 28, 2009 17:36
To: Yaron Sheffer; IPsecme WG
Subject: Re: [IPsec] Clarifying what happens with INITIAL_CONTACT

At 5:28 PM +0200 12/28/09, Yaron Sheffer wrote:
>You are adding two MUSTs, which we SHOULD NOT do unless we have very good
>reasons, such as interop problems, security issues, or major functionality
>problems (like memory leaks). I'm not sure any of these apply, so I
>suggest that you change the wording to be non-normative.

Whoops, all good points. I got carried away. How about:

When an initiator receives an INITIAL_CONTACT notification in
response to its IKE_AUTH request, it silently deletes any IKE SAs and
associated Child SAs for that responder without sending any
notifications to the responder. If a responder receives an
INITIAL_CONTACT notification in an IKE_AUTH request, it silently
deletes any IKE SAs and associated Child SAs for that initiator
without sending any notifications to the initiator.

--Paul Hoffman, Director
--VPN Consortium

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

