[Ipsec] comment on "empty message" in IKEv2 draft

To: <ipsec@ietf.org>
Subject: [Ipsec] comment on "empty message" in IKEv2 draft
From: "Yonghui Cheng" <cheng@juniper.net>
Date: Thu, 12 Aug 2004 14:34:46 -0700
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: IP Security <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=unsubscribe>
Sender: ipsec-bounces@ietf.org
Thread-index: AcSAtENoNK3PnmHIT26eaMzASWrVwA==
Thread-topic: comment on "empty message" in IKEv2 draft

All,

The IKEv2 draft/RFC should emphasis that when send “empty” messages

in IKEv2, the actual messages should include an empty “encrypted payload”.

“Empty” messages is used for DPD (dead peer detection) and acknowledge

purposes. Without encrypted payload, the message is not authenticated,

which should considered as security problem.

Yonghui

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec

Follow-Ups:
- [Ipsec] comment on "empty message" in IKEv2 draft
  - From: Tero Kivinen <kivinen@iki.fi>