Re: [IPsec] IKEv2-bis comments: 2.17 and onwards

2010-01-27 Thread Tero Kivinen
Yaron Sheffer writes: > > Yaron Sheffer writes: > > > 2.21.: EAP Failure cases are missing altogether. Also, the first > > > paragraph says that if an auth failure occurs at the responder, > > > AUTHENTICATION_FAILED is included in the protected response (to > > > IKE_AUTH), > > > > Yes. > > > >

Re: [IPsec] Issue #139: Keying material taken in the order for RoHC

2010-01-27 Thread Tero Kivinen
Valery Smyslov writes: > Paul Hoffman writes: > > All good points, Valery. Here's another attempt; please check carefully. > > > >A single CHILD_SA negotiation may result in multiple security > >associations. ESP and AH SAs exist in pairs (one in each direction), > >so two SAs are cre

[IPsec] AD review of draft-ietf-ipsecme-aes-ctr-ikev2-04

2010-01-27 Thread Pasi.Eronen
Now that traffic-visibility has progressed, I've finally done my AD review of draft-ietf-ipsecme-aes-ctr-ikev2-04. This document copies most of its text verbatim from RFC 3686, and does not even acknowledge the source (or have the disclaimer about pre-5378 text). However, it's been noted that peo

[IPsec] AUTO: Allen Bailey is out of the office. (returning 02/08/2010)

2010-01-27 Thread Allen Bailey
I am out of the office until 02/08/2010. I will respond to your message when I return. Note: This is an automated response to your message "IPsec Digest, Vol 69, Issue 71" sent on 1/26/10 23:39:49. This is the only notification you will receive while this person is away.

[IPsec] AD review of draft-ietf-ipsecme-esp-null-heuristics-03

2010-01-27 Thread Pasi.Eronen
I've now done my AD review for the heuristics draft. Mostly the draft looks good, and all my comments are relatively minor. Least-minor first: - Appendix A.1: The pseudocode has a couple of places where it says "Drop invalid packet"; it seems these are wrong when the packet is UDP encapsulated (this

Re: [IPsec] Issue #139: Keying material taken in the order for RoHC

2010-01-27 Thread Pasi.Eronen
+1. Best regards, Pasi (not wearing any hats) > -Original Message- > From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf > Of ext Tero Kivinen > Sent: 27 January, 2010 11:21 > To: Valery Smyslov > Cc: ipsec@ietf.org; black_da...@emc.com; Paul Hoffman > Subject: Re: [IPs

[IPsec] AD review of draft-ietf-ipsecme-esp-null-heuristics-03

2010-01-27 Thread Tero Kivinen
pasi.ero...@nokia.com writes: > I've now done my AD review for the heuristics draft. Mostly the draft > looks good, and all my comments are relatively minor. Least-minor > first: > > - Appendix A.1: The pseudocode has a couple of places where it says > "Drop invalid packet"; it seems these are wrong

[IPsec] I-D Action:draft-ietf-ipsecme-esp-null-heuristics-04.txt

2010-01-27 Thread Internet-Drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF. Title : Heuristics for Detecting ESP-NULL packets Author(s) : T. Kivinen, D. McDonald

Re: [IPsec] AD review of draft-ietf-ipsecme-esp-null-heuristics-03 -- TCP flags

2010-01-27 Thread Alfred Hönes
Regarding Pasi's comment on TCP header flags: > - Appendix A.2, "Verify TCP": the bits that are currently reserved > might get allocated in the future (and half of the bits that were > reserved in RFC 793 have been since allocated -- so it's not very > clear exactly what "TCP.reserved_bits"

[IPsec] Issue #172: Config payload text in Section 4

2010-01-27 Thread David Wierbowski
Section 4 of IKEv2bis states: A minimal IPv4 responder implementation will ignore the contents of the CP payload except to determine that it includes an INTERNAL_IP4_ADDRESS attribute and will respond with the address and other related attributes regardless of whether the initiat

Re: [IPsec] I-D Action:draft-ietf-ipsecme-esp-null-heuristics-04.txt

2010-01-27 Thread Jack Kohn
Hi, Do folks have to implement this RFC since it's of the INFORMATIONAL type? If Yes, then I would like some sort of resolution to the issues raised in http://www.ietf.org/mail-archive/web/ipsec/current/msg05471.html As a developer I would like to understand as to how I am required to do cache ma

Re: [IPsec] I-D Action:draft-ietf-ipsecme-esp-null-heuristics-04.txt

2010-01-27 Thread Paul Hoffman
At 5:48 AM +0530 1/28/10, Jack Kohn wrote: >Do folks have to implement this RFC since it's of the INFORMATIONAL type? No one has to implement anything, ever. You don't have to implement every IETF standard, only the ones you want. To be clear: I'm not being facetious. The fact that something is on s