draft-ietf-ipsec-ikev2-11.txt
As I was writing my previous mail to the list I noticed something I
consider a bug or typo in the draft-ietf-ipsec-ikev2-11.txt:
----------------------------------------------------------------------
INVALID_SPI 11
MAY be sent in an IKE INFORMATIONAL Exchange when a node
receives an ESP or AH packet with an invalid SPI. The
Notification Data contains the SPI of the invalid packet.
This usually indicates a node has rebooted and forgotten an
SA. If this Informational Message is sent outside the
context of an IKE_SA, it should only be used by the
recipient as a "hint" that something might be wrong (because
it could easily be forged).
----------------------------------------------------------------------
It says there that the Notification Data contains the SPI of the
invalid packet. I think it should be using the SPI field of the
notification instead of the notification data field (i.e. change the
"The Notification Data contains the SPI of the invalid packet." to
"The SPI field contains the SPI of the invalid packet.", or simply
remove that text).
--
kivinen@ssh.fi
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/
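
Added example, not part of the original mail or of the draft: a receiver-side parser that accepts an INVALID_SPI notification with the SPI in either of the two places the mail contrasts, and marks it as a hint when it arrives outside an IKE_SA. The payload layout (4-octet generic header, Protocol ID, SPI Size, Notify Message Type, SPI, Notification Data) and the protocol ID values are assumptions taken from the published IKEv2 Notify format, and the function names and sample SPI are constructed for illustration.

```python
import struct

INVALID_SPI = 11  # notify message type quoted in the mail
ESP = 3           # assumed IPsec protocol ID for ESP

def build_notify(proto, ntype, spi=b"", data=b""):
    """Build a Notify payload (assumed layout: 4-octet generic header,
    Protocol ID, SPI Size, Notify Message Type, SPI, Notification Data)."""
    length = 8 + len(spi) + len(data)
    return struct.pack("!BBHBBH", 0, 0, length, proto, len(spi), ntype) + spi + data

def parse_notify(payload):
    """Split one Notify payload into its fields, checking the length fields."""
    if len(payload) < 8:
        raise ValueError("shorter than the fixed 8-octet Notify header")
    _next, _flags, length, proto, spi_size, ntype = struct.unpack("!BBHBBH", payload[:8])
    if length != len(payload) or 8 + spi_size > length:
        raise ValueError("length fields are inconsistent")
    return {"protocol_id": proto, "type": ntype,
            "spi": payload[8:8 + spi_size], "data": payload[8 + spi_size:]}

def invalid_spi_value(payload, inside_ike_sa):
    """Return (spi, location, hint_only) for an INVALID_SPI notify, else None."""
    n = parse_notify(payload)
    if n["type"] != INVALID_SPI:
        return None
    if n["spi"] and n["data"]:
        raise ValueError("values in both SPI field and Notification Data")
    where = "spi_field" if n["spi"] else "notification_data"
    raw = n["spi"] or n["data"]
    if len(raw) != 4:
        raise ValueError("expected a 4-octet ESP/AH SPI")
    # Outside an IKE_SA the notify is unauthenticated: treat it only as a hint.
    return int.from_bytes(raw, "big"), where, not inside_ike_sa

# Constructed sample payloads carrying the constructed SPI 0xc0ffee01.
# Draft wording: SPI Size 0, SPI carried in Notification Data.
AS_DRAFT_TEXT = build_notify(0, INVALID_SPI, data=bytes.fromhex("c0ffee01"))
# Wording proposed in the mail: SPI carried in the SPI field.
AS_PROPOSED = build_notify(ESP, INVALID_SPI, spi=bytes.fromhex("c0ffee01"))

if __name__ == "__main__":
    print(invalid_spi_value(AS_DRAFT_TEXT, inside_ike_sa=False))
    print(invalid_spi_value(AS_PROPOSED, inside_ike_sa=True))
```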