
RE: [Ipsec] comment on "empty message" in IKEv2 draft



While I believe the IKEv2 spec is unambiguous when read carefully, I
agree that it would be clearer if it explicitly said that an "empty"
message actually consists of an empty "encrypted payload".

I don't think this warrants a new draft, but if something else requires
a new draft (or if I'm allowed to make such minor changes during
author's 48 hour call), I will fix it.

	--Charlie

________________________________________
From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf
Of Yonghui Cheng
Sent: Thursday, August 12, 2004 2:35 PM
To: ipsec@ietf.org
Subject: [Ipsec] comment on "empty message" in IKEv2 draft

All,

The IKEv2 draft/RFC should emphasize that when sending "empty" messages
in IKEv2, the actual messages should include an empty "encrypted
payload".

"Empty" messages are used for DPD (dead peer detection) and acknowledgment
purposes. Without an encrypted payload, the message is not authenticated,
which should be considered a security problem.

Yonghui


_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
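
A receiver-side check for the point discussed in this thread, added here as an example and not taken from the thread or the draft: an "empty" INFORMATIONAL message is accepted only when it is an IKE header followed by an Encrypted payload with no inner payloads and a valid integrity checksum. The function names, key, SPIs and sample bytes are constructed; it assumes HMAC-SHA1-96 integrity and a 16-byte IV, uses the type numbers from the published RFC 4306 (exchange 37, Encrypted payload 46), and does not decrypt the ciphertext.

```python
import hashlib
import hmac
import struct

IKE_HDR = struct.Struct("!8s8sBBBBII")  # SPIi, SPIr, next payload, version, exchange, flags, msg ID, length
GEN_HDR = struct.Struct("!BBH")         # next payload, critical/reserved, payload length
INFORMATIONAL, SK_PAYLOAD, NO_NEXT = 37, 46, 0  # RFC 4306 values
IV_LEN, ICV_LEN = 16, 12                # assumed: 16-byte IV, HMAC-SHA1-96 checksum
KEY = b"constructed-sk_a-key"           # constructed stand-in for the negotiated SK_a


def compute_icv(sk_a: bytes, covered: bytes) -> bytes:
    # The checksum covers the whole message from the IKE header up to the ICV.
    return hmac.new(sk_a, covered, hashlib.sha1).digest()[:ICV_LEN]


def classify_informational(msg: bytes, sk_a: bytes) -> str:
    """Return 'authenticated-empty' only for a header plus a valid, empty SK payload."""
    if len(msg) < IKE_HDR.size:
        return "malformed"
    _, _, first, _, exchange, _, _, length = IKE_HDR.unpack_from(msg)
    if exchange != INFORMATIONAL or length != len(msg):
        return "malformed"
    if first != SK_PAYLOAD:
        return "unauthenticated"  # bare header: nothing proves who sent it
    if len(msg) < IKE_HDR.size + GEN_HDR.size:
        return "malformed"
    inner, _, plen = GEN_HDR.unpack_from(msg, IKE_HDR.size)
    if plen != len(msg) - IKE_HDR.size or plen < GEN_HDR.size + IV_LEN + ICV_LEN:
        return "malformed"
    if not hmac.compare_digest(compute_icv(sk_a, msg[:-ICV_LEN]), msg[-ICV_LEN:]):
        return "bad-icv"
    return "authenticated-empty" if inner == NO_NEXT else "authenticated-nonempty"


def build_sample(sk_a: bytes, with_sk: bool) -> bytes:
    """Constructed test messages: a bare header, or header + empty SK payload."""
    spi_i, spi_r = b"\x11" * 8, b"\x22" * 8
    if not with_sk:
        return IKE_HDR.pack(spi_i, spi_r, NO_NEXT, 0x20, INFORMATIONAL, 0x08, 2, IKE_HDR.size)
    body = bytes(IV_LEN) + bytes(16)  # placeholder IV and one ciphertext block, not real cipher output
    plen = GEN_HDR.size + len(body) + ICV_LEN
    head = IKE_HDR.pack(spi_i, spi_r, SK_PAYLOAD, 0x20, INFORMATIONAL, 0x08, 2, IKE_HDR.size + plen)
    covered = head + GEN_HDR.pack(NO_NEXT, 0, plen) + body
    return covered + compute_icv(sk_a, covered)


if __name__ == "__main__":
    for label, with_sk in (("bare header", False), ("empty SK payload", True)):
        print(label, "->", classify_informational(build_sample(KEY, with_sk), KEY))
```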