
Re: IKE V2 Open Issues



 In your previous mail you wrote:

   2) Tero's proposal for a new source-address-changed notification
   payload.

=> note there is an older proposal. IMHO as the peer address can be
changed using rekeying, there is no immediate need for a new payload
(but if it can be done in time there is no need to wait).
Unfortunately there is an immediate need to protect peer addresses;
I propose to introduce two notifications modelled after NAT detection
which will be included into all messages when NAT traversal is not
active (a very simple way to solve the issue).

   We proposed in San Francisco that issues regarding address
   management be considered out of scope, and deferred to another working
   group.  Tero's proposal is short and self-contained, hopefully
   non-controversial.  If so, it seems reasonable to the wg chairs that
   it be included in ikev2.  If there are any questions or debate over
   this item, however, we feel it should be deferred to another working
   group.
   
=> Tero's and my proposals provide roughly the same thing. IMHO it
will be more useful to use our free time to fix the NAT traversal
text in the current draft (Tero sent some text but it was not
included).

   5) Lack of definition of the COOKIE_REQUIRED notify payload.
   Charlie's suggestion to delete the COOKIE_REQUIRED payload and simply
   to use the COOKIE payload is simple, and non-controversial.
   
=> I agree this is the simplest way to fix it!

Thanks

Francis.Dupont@enst-bretagne.fr

PS: I'll send for Friday morning a complete set of little details to
fix in the current draft. I believe the only controversial one could be
about NAT traversal.
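
The address-protecting notifications proposed in the message above, as an added example (not code from the message or from any IKEv2 draft). It assumes the two notifications carry the same digest NAT detection uses, SHA-1 over the SPIs, address and port, and that they travel in the integrity-protected part of each message; the function names, SPIs and addresses are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

# Constructed sample values (documentation address ranges, arbitrary SPIs).
SPI_I = bytes.fromhex("0123456789abcdef")
SPI_R = bytes.fromhex("fedcba9876543210")
SRC = ("192.0.2.10", 500)
DST = ("198.51.100.20", 500)


def address_digest(spi_i, spi_r, ip, port):
    """SHA-1 over SPIi | SPIr | address | port, as NAT detection computes it."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 octets each")
    addr = ipaddress.ip_address(ip).packed  # 4 octets for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def build_notifications(spi_i, spi_r, src, dst):
    """Sender side: digests of the addresses it put in the IP/UDP headers."""
    return (address_digest(spi_i, spi_r, *src),
            address_digest(spi_i, spi_r, *dst))


def verify_notifications(spi_i, spi_r, notes, seen_src, seen_dst):
    """Receiver side: recompute from the headers actually seen on the wire.

    Returns (source_unchanged, destination_unchanged). Assumes `notes` was
    taken from the integrity-protected part of the message (an assumption
    of this example, see the lead-in).
    """
    src_note, dst_note = notes
    return (src_note == address_digest(spi_i, spi_r, *seen_src),
            dst_note == address_digest(spi_i, spi_r, *seen_dst))


if __name__ == "__main__":
    notes = build_notifications(SPI_I, SPI_R, SRC, DST)
    print(verify_notifications(SPI_I, SPI_R, notes, SRC, DST))
    # Source address rewritten in transit (constructed case).
    print(verify_notifications(SPI_I, SPI_R, notes, ("203.0.113.5", 500), DST))
```

Without NAT traversal active, a False in either position means the outer header no longer matches what the sender stated, so the receiver should not update its notion of the peer address from that packet.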