Vijay Devarapalli wrote: > > Hello, > > There at least three people who think that the IKE_AUTH response > message should itself contain the REDIRECT payload. I went through > the email exchange between Fan and Tero. There was no new > information that came out of that discussion for me to make this > change in the draft. > > Does any one else have an opinion?
I think including REDIRECT in the final IKE_AUTH response would be simpler and cleaner. If we assume that redirect based on the initiator identity will be a somewhat relevant use case, putting REDIRECT in IKE_AUTH response avoids the slightly weird "what the heck I'm supposed to do know?!" state on the client after receiving the IKE_AUTH response but before seeing the INFORMATIONAL request. Best regards, Pasi _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
