> Looks good to me. Agreed.
Scott Moonen ([email protected]) z/OS Communications Server TCP/IP Development http://www.linkedin.com/in/smoonen From: Yaron Sheffer <[email protected]> To: Paul Hoffman <[email protected]>, IPsecme WG <[email protected]> Date: 12/28/2009 11:08 AM Subject: Re: [IPsec] Clarifying what happens with INITIAL_CONTACT Looks good to me. Yaron -----Original Message----- From: Paul Hoffman [mailto:[email protected]] Sent: Monday, December 28, 2009 17:36 To: Yaron Sheffer; IPsecme WG Subject: Re: [IPsec] Clarifying what happens with INITIAL_CONTACT At 5:28 PM +0200 12/28/09, Yaron Sheffer wrote: >You are adding two MUSTs, which we SHOULD NOT do unless we have very good reasons, such as interop problems, security issues, or major functionality problems (like memory leaks). I'm not sure any of these apply, so I suggest that you change the wording to be non-normative. Whoops, all good points. I got carried away. How about: When an initiator receives an INITIAL_CONTACT notification in response to its IKE_AUTH request, it silently deletes any IKE SAs and associated Child SAs for that responder without sending any notifications to the responder. If a responder receives an INITIAL_CONTACT notification in an IKE_AUTH request, it silently deletes any IKE SAs and associated Child SAs for that initiator without sending any notifications to the initiator. --Paul Hoffman, Director --VPN Consortium Scanned by Check Point Total Security Gateway. _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
