Couple of trivial things noted when reading the latest draft: - Section 4.1/4.2 should probably clarify that when multi-round-trip IKE_AUTH exchange is used, N(TICKET_REQUEST) is included in the first IKE_AUTH request, and N(TICKET_OPAQUE) (or TICKET_NACK/TICKET_ACK) is in the final IKE_AUTH response.
- Section 4.4 should say that the Protocol ID and SPI Size fields for all these notifications are set to zero. - Section 4.5 should say that lifetime is relative to the current time (and not e.g. POSIX-style timestamp() - IANA considerations: should say that TBA1...TBA5 numbers come from the "Status Types" part of the notification registry Best regards, Pasi _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
