Paul Hoffman writes:
> > True, we need some other term for it. Something like the original
> > IKE_SA_INIT initiator or the party initiating the initial connection
> > (i.e. triggering). Or simply say that the QCD_TOKENs in INFORMATIONAL
> > exchanges and rekeys can only be sent by the peer who originally sent
> > them in the IKE_AUTH, and in IKE_AUTH limit the QCD_TOKEN to the
> > responder.
>
> Is this added complexity really needed? It sounds like a dangerous
> addition. Please be sure the value is actually worth the risk.
I am suggesting simplifying the protocol, not adding complexity. It might add some text to the specification, but reduce code in the implementation, as then the implementation is always either token maker or taker, never both.

--
kivi...@iki.fi

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec