Re: [IPsec] IKEv2-bis comments: 2.17 and onwards (#170)

2010-01-28 Thread Pasi.Eronen
Tero Kivinen wrote: > pasi.ero...@nokia.com writes: > > Paul Hoffman wrote: > > > > > >B.1 (Group 1): We may want to add: "Use of this group is NOT > > > RECOMMENDED." > > > > > > Please open a tracker issue for this. Even though this is obvious, > > > it is a tad late to be suggesting new normativ

Re: [IPsec] IKEv2-bis comments: 2.17 and onwards

2010-01-27 Thread Tero Kivinen
Yaron Sheffer writes: > > Yaron Sheffer writes: > > > 2.21.: EAP Failure cases are missing altogether. Also, the first > > > paragraph says that if an auth failure occurs at the responder, > > > AUTHENTICATION_FAILED is included in the protected response (to > > > IKE_AUTH), > > > > Yes. > > > >

Re: [IPsec] IKEv2-bis comments: 2.17 and onwards

2010-01-26 Thread Yaron Sheffer
Hi Tero, please see below. Thanks, Yaron > -Original Message- > From: Tero Kivinen [mailto:kivi...@iki.fi] > Sent: Monday, January 25, 2010 13:31 > To: Yaron Sheffer > Cc: IPsecme WG > Subject: [IPsec] IKEv2-bis comments: 2.17 and onwards > > Yaron Sheffe

Re: [IPsec] IKEv2-bis comments: 2.17 and onwards (#170)

2010-01-26 Thread Tero Kivinen
pasi.ero...@nokia.com writes: > Paul Hoffman wrote: > > > >B.1 (Group 1): We may want to add: "Use of this group is NOT > > RECOMMENDED." > > > > Please open a tracker issue for this. Even though this is obvious, it > > is a tad late to be suggesting new normative language. > > This "NOT RECOMME

Re: [IPsec] IKEv2-bis comments: 2.17 and onwards (#170)

2010-01-26 Thread Pasi.Eronen
Paul Hoffman wrote: > >B.1 (Group 1): We may want to add: "Use of this group is NOT > RECOMMENDED." > > Please open a tracker issue for this. Even though this is obvious, it > is a tad late to be suggesting new normative language. This "NOT RECOMMENDED" would belong in an update to RFC 4307, not

[IPsec] IKEv2-bis comments: 2.17 and onwards

2010-01-25 Thread Tero Kivinen
Yaron Sheffer writes: > 2.21.: EAP Failure cases are missing altogether. Also, the first > paragraph says that if an auth failure occurs at the responder, > AUTHENTICATION_FAILED is included in the protected response (to > IKE_AUTH), Yes. > while the last paragraph says it's a separate > Informat

Re: [IPsec] IKEv2-bis comments: 2.17 and onwards

2010-01-24 Thread Paul Hoffman
Thanks again for the careful review. All changes made other than those listed below. --Paul HOffman At 11:06 PM +0200 1/24/10, Yaron Sheffer wrote: >2.21.: EAP Failure cases are missing altogether. Also, the first paragraph >says that if an auth failure occurs at the responder, AUTHENTICATION_F

[IPsec] IKEv2-bis comments: 2.17 and onwards

2010-01-24 Thread Yaron Sheffer
1.7: This also lead to -> This also led to 2.21.: EAP Failure cases are missing altogether. Also, the first paragraph says that if an auth failure occurs at the responder, AUTHENTICATION_FAILED is included in the protected response (to IKE_AUTH), while the last paragraph says it's a separate In