All, The IKEv2 draft/RFC should emphasis that when send “empty”
messages in IKEv2, the actual messages should include an empty “encrypted
payload”. “Empty” messages is used for DPD (dead peer
detection) and acknowledge purposes. Without encrypted payload, the message is not
authenticated, which should considered as security problem. Yonghui |
_______________________________________________ Ipsec mailing list Ipsec@ietf.org https://www1.ietf.org/mailman/listinfo/ipsec