[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: Re: ike2-v4: request or response] == major issue







You're right! And I'm embarrassed that such an obvious error could have
persisted so late into the review process. But much better to find it now
than after it goes RFC... I've added a R (response) bit (must be cleared
for requests, must be set for responses).

          --Charlie

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

> I do not believe that the I bit in the ikev2 header provides its
> stated function
> of allowing a recipient to determine if a pdu is a request or response. I
> believe that the header needs to be augmented with an R (request) bit.
>
> -------- Original Message --------
>
> Subject:
>
> Re: ike2-v4: request or response
>
> Date:
>
> Tue, 11 Feb 2003 10:45:56 +0100
>
> From:
>
> Francis Dupont <Francis.Dupont@enst-bretagne.fr>
>
> To:
>
> jeff pickering <jpickering@creeksidenet.com>
>
>

>  In your previous mail you wrote:
>
>    I really appreciate your response.
>    This is exacltly the statement in the spec that seems to be
>    self-contradictory:
>
>    - I-bit is set by oriiginal IKE-SA initiator. (Alice)
>    - Original responder (Bob)can also be the sender of a request.
>    => Therefore, I-bit contains no information about which end initiated
a
>    particular request.
>
>    OR am I crazy??
>
> => no, I believe you're right and there is a real problem.
> A request bit should solve the issue. Note the I bit is still
> needed if the IKEv1 order of the SPIs (aka cookies) is kept.
>
> Regards
>
> Francis.Dupont@enst-bretagne.fr
>
> PS: please ask for a request bit in the message header!
>
>
>