I agree with Tero
________________________________
From: [email protected] [mailto:[email protected]] On Behalf Of Yaron
Sheffer
Sent: Monday, April 27, 2009 10:32 PM
To: IPsecme WG
Subject: [IPsec] Issue #13: INVALID_MAJOR_VESION similar to other notifies
being discussed
> {{ Clarif-7.7 }} There are two cases when such a one-way notification
> is sent: INVALID_IKE_SPI and INVALID_SPI. These notifications are
> sent outside of an IKE_SA. Note that such notifications are
> explicitly not Informational exchanges; these are one-way messages
> that must not be responded to. In case of INVALID_IKE_SPI, the
> message sent is a response message, and thus it is sent to the IP
> address and port from whence it came with the same IKE SPIs and the
> Message ID copied. In case of INVALID_SPI, however, there are no IKE
> SPI values that would be meaningful to the recipient of such a
> notification. Using zero values or random values are both
> acceptable.
Tero:
In a sense INVALID_MAJOR_VERSION is also this kind of notification
which is sent outside of an IKE_SA, although it is sent as a response
to the incoming IKE SA creation. Perhaps we should note this fact
here?
Paul: Not done. This is interesting, but should be discussed on the list.
Email secured by Check Point
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
