[IPsec] More Issues for IKEv2bis

2010-02-09 Thread Tero Kivinen
Yoav Nir writes: > Issue #159 - Payload processing order within messages > = > (3.1) Clarify that the text: > ... > Payloads are identified in the order in which >they appear in an IKE message by looking in the "Next Payl

Re: [IPsec] Fwd: Issue : Regarding EAP identity

2010-02-09 Thread Alper Yegin
Dan, I'm not aware of any such document. Alper > -Original Message- > From: Dan Harkins [mailto:dhark...@lounge.org] > Sent: Monday, February 08, 2010 8:13 PM > To: Alper Yegin > Cc: 'Yoav Nir'; 'Raj Singh'; 'Yaron Sheffer'; 'ipsec' > Subject: Re: [IPsec] Fwd: Issue : Regarding EAP iden

Re: [IPsec] Closing issue #143 (rewrite of section 1.5)

2010-02-09 Thread Tero Kivinen
Paul Hoffman writes: > At 2:07 PM +0200 2/8/10, Tero Kivinen wrote: > >Paul Hoffman writes: > >>In the first case, if the receiving node has an active IKE SA to the > >>IP address from whence the packet came, it MAY send an INVALID_SPI > >>notification of the wayward packet over that IK

[IPsec] Issue #154, was RE: Yet another closing session - issues #153-#157

2010-02-09 Thread Tero Kivinen
Yaron Sheffer writes: > Going back to the original issue: there is no interoperable way to > send "generic dummy packets". True, and that is ok. This dummy packet does NOT require any processing from the other end except that some ESP packet needs to be sent, so other end knows that initiator has

Re: [IPsec] Issue #175: Better wording for NAT mobility issues

2010-02-09 Thread Tero Kivinen
Raj Singh writes: > Suppose responder got IKE_AUTH request (NIP1, NP1), and now mapping got > removed at NAT box. > If responder will send packet to packet to last integrity protected packet > i.e. IKE_AUTH request. No. Section 3.1 clearly says that ALL IKE response messages are always replied bac

Re: [IPsec] Fwd: Issue : Regarding EAP identity

2010-02-09 Thread Dan Harkins
Hi Alper, In that case there is no standard way for the AAA server to inform the IKEv2 responder of this "policy" that it needs to enforce. So that sounds unworkable. The IKEv2 responder already has the mechanisms in place to enforce a policy based on the authenticated identity of the IKEv

[IPsec] WG Review: Recharter of IP Security Maintenance and Extensions (ipsecme)

2010-02-09 Thread IESG Secretary
A modified charter has been submitted for the IP Security Maintenance and Extensions (ipsecme) working group in the Security Area of the IETF. The IESG has not made any determination as yet. The modified charter is provided below for informational purposes only. Please send your comments to the