Hi,
I see that RFC4306 has the following lines at the end of Sec3.16:
Note that since IKE passes an indication of initiator identity in
message 3 of the protocol, the responder SHOULD NOT send EAP Identity
requests. The initiator SHOULD, however, respond to such requests if
it receives them.
I see that from draft-ietf-ipsecme-ikev2bis-01, "SHOUD" and "SHOULD NOT"
were demoted to
"should" and "should not", the text now looks as below:
{{ Demoted the SHOULD NOT and SHOULD }} Note that since IKE passes an
indication of initiator identity in message 3 of the protocol, the
responder should not send EAP Identity requests. The initiator may,
however, respond to such requests if it receives them.
Also, "The initiator SHOULD" is now "The initiator may".
I would like to understand why these changes were done. Why do we need
to do an EAP-ID
request as IDi should carry an indication of the client's identity?
Thanks,
Srinivas
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
