[IPsec] IKEv2-bis comments: 2.17 and onwards

1.7: This also lead to -> This also led to 2.21.: EAP Failure cases are missing altogether. Also, the first paragraph says that if an auth failure occurs at the responder, AUTHENTICATION_FAILED is included in the protected response (to IKE_AUTH), while the last paragraph says it's a separate In

Re: [IPsec] IKEv2-bis comments: 2.17 and onwards

Thanks again for the careful review. All changes made other than those listed below. --Paul HOffman At 11:06 PM +0200 1/24/10, Yaron Sheffer wrote: >2.21.: EAP Failure cases are missing altogether. Also, the first paragraph >says that if an auth failure occurs at the responder, AUTHENTICATION_F

[IPsec] Closing some of the open tickets for IKEv2bis

Hi all We would like to begin closing IKEv2bis issue at a faster rate than we are opening new ones. Paul has sent the list a several issues. Some we have discussed, others - not so much. Here's a summary of three issues, which I think are ready for closure. Issue #138 - Calculations involvin

Re: [IPsec] Issue #157: Illustrate the SA payload with a diagram

Hi Paul, Paul Hoffman writes: > > > Ditto for Proposal #2: is there a good reason for you to not have > >> included an INTEG transform? > >I was trying to illustrate a combined mode algorithm. May have got it wrong... > > That would be INTEG = NULL. Omitting it completely is also allowed (section

Re: [IPsec] Closing some of the open tickets for IKEv2bis

Yoav Nir writes: > Issue #139 - Keying material taken in the order for RoHC > > One of the differences between RFC 4306 and the IKEv2bis draft is in Section 2.17, Generating Key Material for Child SAs. Appendix E.2 of the IKEv2bis draft indi