[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Interoperability - Overlapping requests



Greetings,

A question regarding Section 2.3 of ikev2-06. 
Perhaps I am not understanding the verbage correctly, but I could foresee
differing interpretations
being made by different developers.

The first paragraph states:

In order to maximize IKE throughput, an IKE endpoint MAY issue
   multiple requests before getting a response to any of them. For
   simplicity, an IKE implementation MAY choose to process requests
   strictly in order and/or wait for a response to one request before
   issuing another. Certain rules must be followed to assure
   interoperability between implementations using different strategies.

While Paragraph 3 states:

An IKE endpoint MUST wait for a response to each of its messages
   before sending a subsequent message unless it has received a Notify
   message from its peer informing it that the peer is prepared to
   maintain state for multiple outstanding messages in order to allow
   greater throughput.

Should paragraph 1 also contain a statement regarding an outstanding message
state? Also, can I assume that the outstanding messages can fall outside of
the
replay protection window?

Any clarification is appreciated,

Regards,


		Mark Zimmerman
		Program Manager
		ICSA Labs
		

***********************************************************************
This message is intended only for the use of the intended recipient and
may contain information that is PRIVILEGED and/or CONFIDENTIAL.  If you
are not the intended recipient, you are hereby notified that any use,
dissemination, disclosure or copying of this communication is strictly
prohibited.  If you have received this communication in error, please
destroy all copies of this message and its attachments and notify us
immediately.
***********************************************************************