
Some questions about the draft-ietf-ipsec-ike-00.txt



> 6.4.2 Acknowledged Informational
> ...
>    The acknowledged Informational exchange is defined as:
> 
>        Initiator                        Responder
>       -----------                      -----------
>        HDR*, HASH(1), Ni, N/D  -->
>                                <--      HDR*, HASH(2), Nr, N/D

I assume this is defined so that even if the responder does not
understand the contents of the payloads, it MUST send the reply back?
I.e., if I send the other end a notification payload having an unknown
notification number, the other end MUST send the second packet back,
and it MUST NOT send any kind of error (no error notifications for
notifications).

Is this interpretation correct?

If so, I would like to see something like this describing that in the
document:
----------------------------------------------------------------------
   The responder MUST always send back the reply packet defined above,
   even if there is an error while processing the packet sent by the
   initiator. This means that the initiator will always get the reply
   back from the responder, and that reply simply means that the
   responder received the packet. The reply does not mean that the
   responder understood and/or acted based on the packet it received.
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/