IKE header
Section 5.1 of draft-ietf-ipsec-ikev2-03.txt
describes the IKE header and states:

- Recipient SPI MUST be zero for the first packet
  of IKE_SA_init and MUST NOT be zero for any other
  packet
- Sender SPI MUST NOT be zero.

What about a node that is receiving packets
with unknown SPIs? If it has no IKE-SA then
what values would it place in the Recipient
and Sender SPI fields of an unprotected
informational containing a Notify payload?

- Flags (bit 3) MUST be set in messages sent by the
  original initiator of the IKE-SA and MUST be cleared
  in messages sent by the original responder.

Should "messages" be "requests" in the above
statement? And MUST a response contain the value
that was received in the request?

The terms "original initiator" and "original responder"
are seen throughout the document without having been
defined. Is it safe to assume that they are referring
to the role that a node played during the establishment
of the original IKE-SA? Would these change if the original
responder initiated a rekey of the IKE-SA?

David