Hi Pasi,
On 6/11/09 3:13 AM, "pasi.ero...@nokia.com" wrote:
> Vijay Devarapalli wrote:
>
>>> What do you mean by "valid"? So the client could potentially ignore
>>> the redirect (in the last IKE_AUTH response), and continue using the
>>> IKE_SA (at least for some time) for other exhanges?
>>
>>
pasi.ero...@nokia.com writes:
> Anyone else in the WG care to comment? If the gateway sends REDIRECT
> in the last IKE_AUTH response, can the client ignore it and continue
> using the IKE_SA?
I did assume that, as the IKE SA was created completely, and it is
usable. Of course client should follow
Vijay Devarapalli wrote:
> > What do you mean by "valid"? So the client could potentially ignore
> > the redirect (in the last IKE_AUTH response), and continue using the
> > IKE_SA (at least for some time) for other exhanges?
>
> Yes, the client can use the IKEv2 SA for other exchanges if it want
Hi Pasi,
On 6/5/09 4:42 AM, "pasi.ero...@nokia.com" wrote:
> Vijay Devarapalli wrote:
>
>>> And having these two cases is more complex than having just one
>>> (IKE_SA is not used for any more exchanges). What benefits does
>>> this additional complexity (both in spec and in implementation)
>>>
Hi Team,
I agree with Pasi.
Regards,
Raj
On Fri, Jun 5, 2009 at 5:12 PM, wrote:
> Vijay Devarapalli wrote:
>
> > > And having these two cases is more complex than having just one
> > > (IKE_SA is not used for any more exchanges). What benefits does
> > > this additional complexity (both in spe
Vijay Devarapalli wrote:
> > And having these two cases is more complex than having just one
> > (IKE_SA is not used for any more exchanges). What benefits does
> > this additional complexity (both in spec and in implementation)
> > get us?
> >
> > If nothing, let's just remove it
>
> When th
Hi Pasi,
On 5/28/09 10:38 AM, "pasi.ero...@nokia.com" wrote:
> Vijay Devarapalli wrote:
>
>> In the redirect-during-IKE_AUTH cases, the only time the IKEv2 SA is
>> not valid is when EAP is used and the redirect is done based on the
>> unauthenticated ID. In all other cases, the IKEv2 SA is vali
Vijay Devarapalli wrote:
> In the redirect-during-IKE_AUTH cases, the only time the IKEv2 SA is
> not valid is when EAP is used and the redirect is done based on the
> unauthenticated ID. In all other cases, the IKEv2 SA is valid and
> should be torn down with an INFORMATIONAL exchange.
>
> IMHO,
Hi Pasi,
On 5/26/09 1:17 AM, "pasi.ero...@nokia.com" wrote:
> There's one remaining issue that was changed due to WGLC comments, but
> the result isn't quite what it IMHO should be.
>
> When doing redirection during IKE_AUTH, in some situations the
> IKE_AUTH response with the REDIRECT is the la
FYI: Tim will be the responsible AD for this draft (since I was listed
as a co-author in an earlier version); he will hopefully do his AD
evaluation soon (and might consider these as IETF Last Call comments).
There's one remaining issue that was changed due to WGLC comments, but
the result isn
10 matches
Mail list logo
