Re: Certificate Requesting
Date: Mon, 9 Mar 98 07:43:56 EST
From: wdm@epoch.ncsc.mil (W. Douglas Maughan)
Section 4.1 of ISAKMP states that Information Exchanges MUST be
implemented. Notify Payloads are sent via an Informational Exchange, so
implementations must handle the Notify messages, including those that
say MISSING CERTIFICATE or REQUESTED-CERT-UNAVAILABLE (Michael
Richardson's wording).
I'm willing to add this as an additional Notify Message Type as long as
we believe we have *rough* consensus.
Surely handling Informational Exchanges is different from requiring that
*all* notify payloads must be implemented. Suppose we define new
payloads in the future; existing implementations wouldn't be considered
non-compliant because they failed to anticipate the specification of a
new notify payload.
In any case, my understanding is that this notify message provides a
message of an informational nature, and so an implementation is allowed
to ignore the message if it so chooses. In bureaucratese, this gets
roughly translated as "taking the information under advisement". :-)
(Of course, it shouldn't make like an NT workstation after seeing an
illegally fragmented UDP packet! That would be Bad.)
- Ted