Thanks Paul. I have a couple follow-up questions. First, I don't see where the following IP validation check described in section 3.1.1 for IKEv1 is specified for IKEv2: "In addition, implementations MUST be capable of verifying that the address contained in the ID is the same as the peer source address, contained in the outer most IP header."
Though that particular check is not required for IKEv2, I assume it would be acceptable for an implementation to support such a check for IKEv2. Is that correct?

Second, section 4.2.1 refers to section 3.2.3: "IKEv2 does not support Certificate Payload sizes over approximately 64K. See Section 3.2.3 for the problems this can cause." Does that mean section 3.2.3 applies to IKEv2?

Paul Hoffman <[email protected]> wrote on 03/09/2009 02:12:55 PM:

> At 11:07 AM -0700 3/9/09, Keith Welter wrote:
> >First, is this the right mailing list on which to post questions about RFC 4945?
> >
> >Second, should RFC 4945 section 4 (Use of Certificates in RFC 4301 and IKEv2) be considered a supplement to section 3 (Use of Certificates in RFC 2401 and IKEv1/ISAKMP) or should section 3 and section 4 be considered to be completely independent?
>
> Completely independent.
>
> --Paul Hoffman, Director
> --VPN Consortium

Keith Welter
IBM Enterprise Networking Solutions
1-415-545-2694 (T/L: 473-2694)
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
