Hi all. We're starting discussions of the issues that are open for the failure detection draft.
Reported by Scott C Moonen:

   What is the purpose of sending an empty response to the unprotected N(INVALID[_IKE]_SPI)&N(QCD_TOKEN)+ message? I'm not sure it provides any real value and would really prefer not to send it. Also, this contradicts a few "MUST NOT" statements in ikev2bis concerning how we handle unprotected messages; if the consensus is to keep this behavior then we should make clear that we are self-consciously breaking the rules here.

What Scott is referring to is the last paragraph of section 4.5:

   If the QCD_TOKEN verifies OK, an empty response MUST be sent. If the QCD_TOKEN cannot be validated, a response MUST NOT be sent. Section 5 defines token verification.

I believe Scott is right. I don't know what I was thinking when I wrote this. In fact, I believe the name of the section should be changed (from "Presenting the Token in an INFORMATIONAL Exchange") because this is not an INFORMATIONAL exchange.

If you can think of a reason why this needs to be like this instead of the following, please reply.

   If the QCD_TOKEN verifies OK, the IKE SA and its associated Child SAs MUST be silently discarded. If the QCD_TOKEN cannot be validated, the Notification MUST be ignored, and the incident MAY be logged.
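The replacement behaviour proposed in this message, written out as an added Python example (not code from the post or from the draft). The `TokenTaker` class, its storage layout, the `MAX_TOKENS` cap and verification by constant-time comparison against a stored token are assumptions, since Section 5 is not quoted here.

```python
import hmac
import logging

log = logging.getLogger("qcd")
MAX_TOKENS = 4  # assumed cap on N(QCD_TOKEN) payloads examined per message


class TokenTaker:
    """Hypothetical token-taker state: the QCD token stored for each IKE SA."""

    def __init__(self):
        self.sas = {}     # (spi_i, spi_r) -> {"token": bytes, "children": list}
        self.outbox = []  # replies queued for sending; this handler adds none

    def add_sa(self, spi_i, spi_r, token, children):
        self.sas[(spi_i, spi_r)] = {"token": token, "children": list(children)}

    def on_unprotected_notify(self, spi_i, spi_r, tokens):
        """Handle an unprotected N(INVALID_IKE_SPI) & N(QCD_TOKEN)+ message."""
        sa = self.sas.get((spi_i, spi_r))
        if sa is None:
            return "ignored"  # no such SA: nothing to discard
        # Assumed verification: constant-time compare with the stored token.
        # The list is built in full so every candidate is compared.
        hits = [hmac.compare_digest(sa["token"], t) for t in tokens[:MAX_TOKENS]]
        if any(hits):
            # Token verifies: silently discard the IKE SA and its Child SAs.
            del self.sas[(spi_i, spi_r)]
            return "discarded"
        # Token does not verify: ignore the notification; logging is optional.
        log.warning("QCD token mismatch for IKE SA %s/%s", spi_i.hex(), spi_r.hex())
        return "ignored"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real exchange.
    taker = TokenTaker()
    spi_i, spi_r = bytes.fromhex("0102030405060708"), bytes.fromhex("1112131415161718")
    taker.add_sa(spi_i, spi_r, b"T" * 32, ["esp-1", "esp-2"])
    print(taker.on_unprotected_notify(spi_i, spi_r, [b"X" * 32]))   # ignored
    print(taker.on_unprotected_notify(spi_i, spi_r, [b"T" * 32]))   # discarded
```

Neither branch queues a reply, so the sender of the unprotected message cannot tell from the wire whether a token matched.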