[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fwd: Re: ike2-v4: request or response] == major issue

To: ipsec@lists.tislabs.com
Subject: [Fwd: Re: ike2-v4: request or response] == major issue
From: "jpickering@creeksidenet.com" <jpickering@creeksidenet.com>
Date: Thu, 13 Feb 2003 16:40:14 -0500
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; m18) Gecko/20001108 Netscape6/6.0

I do not believe that the I bit in the ikev2 header provides its stated function
of allowing a recipient to determine if a pdu is a request or response. I
believe that the header needs to be augmented with an R (request) bit.

-------- Original Message --------

Subject:	Re: ike2-v4: request or response
Date:	Tue, 11 Feb 2003 10:45:56 +0100
From:	Francis Dupont <Francis.Dupont@enst-bretagne.fr>
To:	jeff pickering <jpickering@creeksidenet.com>

 In your previous mail you wrote:

   I really appreciate your response.
   This is exacltly the statement in the spec that seems to be
   self-contradictory:
   
   - I-bit is set by oriiginal IKE-SA initiator. (Alice)
   - Original responder (Bob)can also be the sender of a request.
   => Therefore, I-bit contains no information about which end initiated a
   particular request.
   
   OR am I crazy??
   
=> no, I believe you're right and there is a real problem.
A request bit should solve the issue. Note the I bit is still
needed if the IKEv1 order of the SPIs (aka cookies) is kept.

Regards

Francis.Dupont@enst-bretagne.fr

PS: please ask for a request bit in the message header!

Follow-Ups:
- Re: [Fwd: Re: ike2-v4: request or response] == major issue
  - From: Charlie_Kaufman@notesdev.ibm.com

Prev by Date: Re: IKEV2: Issue #4 Revised Identity
Next by Date: Re: typical IPsec-based VPNs incl. modecfg vs. DHCP
Prev by thread: IKEv2: Remaining Issues - ECNFIX
Next by thread: Re: [Fwd: Re: ike2-v4: request or response] == major issue
Index(es):
- Date
- Thread