
Concerning the SOURCE-ADDRESS-CHANGED proposal




Hmm... after looking at Tero's proposal, Barbara and I have found some
places where it requires some polishing and attention to corner cases as
well:

>            This notification is sent when the other end has changed
                                                ^^^^^^^^^ 
We assume this should be "sender", or the rest of the sentence
doesn't make any sense.

>            its IP-address and wants the responder of this
>            notification to update the IKE SA remote peer address and
>            port. When this notification is received the host MUST
>            do the dead peer detection against the address given in
>            this payload, and if that is successful then the IKE SA
>            peer address and all the child SA tunnel endpoint
>            addresses MUST be updated to new address. 

Tero's specification doesn't state what should happen if the dead peer
detection fails, or how long the responder should hold onto the address
change notification state information and do the "dead peer detection
thing" until its peer appears on the new source address.

These are minor issues, which can certainly be worked out.  But in the
interests of time and closure, and given that both Tero's and
Francis's proposals are additions to the ikev2 protocol that could be
easily specified as an addition in a separate document, Barbara and I
will suggest that this be best handled separately from the ikev2
specification.

							- Ted