Hi,
EAP-Mutual has just gone through IESG review, but I'd like to make one
more addition and would appreciate the group's feedback.
The interaction between this draft
(https://datatracker.ietf.org/doc/draft-ietf-ipsecme-eap-mutual/) and
session resumption (RFC 5723 <http://tools.ietf.org/html/rfc5723>) is
simple, but I think should still be pointed out. So I was thinking of
adding this text at the end of Sec. 3:
An IKE SA that was set up with this extension can be resumed using
the mechanism described
in <xref target="RFC5723"/>. However session resumption does not
change the authentication
method. Therefore during the IKE_AUTH exchange of the resumed
session, this extension MUST NOT be sent by the initiator.
All comments welcome.
Thanks,
Yaron
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
