Re: [IPsec] ikev2bis clarification on port floating

2010-01-13 Thread Tero Kivinen
Scott C Moonen writes:
> Tero,
>
> > > 2) Disallow floating on IKE_SA_INIT unless . . .
> > Why do you want to disallow that? . . .
> >
> > > 3) Disallow this elective use of UDP-encap unless . . .
> > Again why do that?
>
> I guess I'm thinking more about what is advisable (without out-of-band

Re: [IPsec] Traffic visibility - consensus call

2010-01-13 Thread Stephen Kent
At 3:02 PM +0530 1/11/10, Bhatia, Manav (Manav) wrote:

Dan, You trust the end nodes to negotiate WESP and encapsulate their ESP packets in WESP but you don't trust the content they put into those packets. Is that the trust model you're operating on?

No. We trust the end nodes to put th

[IPsec] Config payload text in Section 4

2010-01-13 Thread David Wierbowski
Section 4 of IKEv2bis (and RFC 4306) states: IKEv2 is designed to permit minimal implementations that can interoperate with all compliant implementations. There are a series of optional features that can easily be ignored by a particular implementation if it does not support that fea