inconsistencies in IKE specs
There are notational inconsistencies about the Phase 2 (Quick Mode)
identities in IKE. These exist in both RFC 2409, and in
draft-ietf-ipsec-ike-01.txt.

In RFC 2409, they are initially defined as IDui and IDur. But, when
used, they are cited as IDci and IDcr.

In the I-D versions, they are initially defined as ID_i2 and ID_r2.
But, when cited, they are still cited as IDci and IDcr. (Perhaps the
victim of search & replace blindness to the prior error.)

Also, is there any restriction on the allowable Identification Type
for a Phase 2 identity? Would ID_IPV4_ADDR_RANGE be allowable? That
would be defining an SA for a range of IP addresses, all using the
same SPI. What would it possibly mean to have a Phase 2
Identification Type of ID_FQDN?!

Personally, I think it would make a great deal of sense to say that
Phase 2 ID's may only be ID_IPV4_ADDR or ID_IPV6_ADDR. I'd really
love to see more MUST NOT's in these specs.
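
The restriction proposed in the message above, as an added example that is not part of the original post or of any IKE implementation: a parser for the Identification payload that accepts a Phase 2 identity only when it is ID_IPV4_ADDR or ID_IPV6_ADDR with the exact address length. The ID Type numbers are those of the IPsec DOI (RFC 2407); the function names and the sample payloads are constructed for illustration.

```python
import ipaddress
import struct

# ID Type values from the IPsec DOI (RFC 2407, section 4.6.2.1).
ID_TYPES = {
    1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_USER_FQDN",
    4: "ID_IPV4_ADDR_SUBNET", 5: "ID_IPV6_ADDR", 6: "ID_IPV6_ADDR_SUBNET",
    7: "ID_IPV4_ADDR_RANGE", 8: "ID_IPV6_ADDR_RANGE",
    9: "ID_DER_ASN1_DN", 10: "ID_DER_ASN1_GN", 11: "ID_KEY_ID",
}
# Assumption: the policy proposed in the message (not an RFC 2409 rule).
# Maps each allowed type to the exact identification data length in bytes.
STRICT_PHASE2 = {"ID_IPV4_ADDR": 4, "ID_IPV6_ADDR": 16}

def parse_id_payload(buf):
    """Parse one Identification payload: generic header, then DOI fields."""
    if len(buf) < 8:
        raise ValueError("truncated ID payload")
    _next, _rsvd, length, id_type, proto, port = struct.unpack("!BBHBBH", buf[:8])
    if length < 8 or length > len(buf):
        raise ValueError("bad payload length %d" % length)
    name = ID_TYPES.get(id_type)
    if name is None:
        raise ValueError("unknown ID type %d" % id_type)
    return name, proto, port, buf[8:length]

def check_phase2_id(buf):
    """Return (accepted, detail) under the strict single-address policy."""
    try:
        name, proto, port, data = parse_id_payload(buf)
    except ValueError as exc:
        return False, str(exc)
    want = STRICT_PHASE2.get(name)
    if want is None:
        return False, "%s rejected by the proposed Phase 2 restriction" % name
    if len(data) != want:
        return False, "%s needs %d bytes of data, got %d" % (name, want, len(data))
    return True, "%s %s proto=%d port=%d" % (name, ipaddress.ip_address(data), proto, port)

def build_id(id_type, data, proto=0, port=0):
    """Build a sample payload (constructed input, not captured traffic)."""
    return struct.pack("!BBHBBH", 0, 0, 8 + len(data), id_type, proto, port) + data

if __name__ == "__main__":
    samples = [build_id(1, bytes([192, 0, 2, 10])),                 # single address
               build_id(7, bytes([192, 0, 2, 1, 192, 0, 2, 254])),  # address range
               build_id(2, b"gw.example.test")]                     # FQDN
    for sample in samples:
        print(check_phase2_id(sample))
```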