
IKEv2 INFO exchange question???



Hi all,

I have a question regarding the INFO exchange.

If the responder receives an AUTH payload with a piggybacked SA, and the
responder finds a bad SA (or TS), it looks like the AUTH with
N (notification) is the only choice for the responder to notify the
initiator. If not, and the responder sends an INFO notify instead, the
initiator cannot handle this notification because the initiator has
not authenticated the responder yet. Is this a correct statement?

The draft says the INFO exchange must occur only after the
initial exchange (after the 4th message), no matter whether it is a
piggyback exchange or not. The only exception is that the "Invalid SPI"
notification can be sent in any state when you have lost track of the
SA. Is there any other exception?

Thanks,

Tom Hu