Section 4 of IKEv2bis (and RFC 4306) states:

   IKEv2 is designed to permit minimal implementations that can
   interoperate with all compliant implementations. There are a series
   of optional features that can easily be ignored by a particular
   implementation if it does not support that feature. Those features
   include:

   o  Ability to negotiate SAs through a NAT and tunnel the resulting
      ESP SA over UDP.

   o  Ability to request (and respond to a request for) a temporary IP
      address on the remote end of a tunnel.

A little further down Section 4 also states:

   Implementations are not required to support requesting temporary IP
   addresses or responding to such requests.

Finally Section 4 also states:

   A minimal IPv4 responder implementation will ignore the contents of
   the CP payload except to determine that it includes an
   INTERNAL_IP4_ADDRESS attribute and will respond with the address and
   other related attributes regardless of whether the initiator
   requested them.

   A minimal IPv4 initiator will generate a CP payload containing only
   an INTERNAL_IP4_ADDRESS attribute and will parse the response
   ignoring attributes it does not know how to use.

By reading all the text in Section 4 it seems that "minimal IPv4
responder implementation" means an implementation that minimally supports
responding to a config payload request and that "minimal IPv4 initiator"
means an implementation that minimally supports requesting a temporary IP
address. Unfortunately, the terms "minimal IPv4 responder implementation"
and "minimal IPv4 initiator" alone are somewhat ambiguous and can be
interpreted as a contradiction to the first two statements I cited above. I
suggest changing the text in the last two paragraphs I cited to:

   An implementation that minimally supports responding to a request
   for a temporary IP address will ignore the contents of the CP
   payload except to determine that it includes an
   INTERNAL_IP4_ADDRESS attribute and will respond with the address and
   other related attributes regardless of whether the initiator
   requested them.

   An implementation that minimally supports requesting a temporary IP
   address will generate a CP payload containing only an
   INTERNAL_IP4_ADDRESS attribute and will parse the response
   ignoring attributes it does not know how to use.

Dave Wierbowski
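
The minimal request/response behaviour quoted from Section 4, as an added example that is not part of the message above or of any IKEv2 implementation. The function names and sample addresses are constructed for illustration; the wire layout and attribute numbers follow RFC 4306, section 3.15.

```python
import ipaddress
import struct

# Constants from RFC 4306, section 3.15 (Configuration Payload).
CFG_REQUEST, CFG_REPLY = 1, 2
INTERNAL_IP4_ADDRESS, INTERNAL_IP4_NETMASK = 1, 2

def parse_cp(body):
    """Parse a CP payload body (bytes after the generic payload header)."""
    if len(body) < 4:
        raise ValueError("CP body shorter than CFG Type + RESERVED")
    attrs, off = [], 4
    while off < len(body):
        if len(body) - off < 4:
            raise ValueError("truncated attribute header")
        type_field, length = struct.unpack_from("!HH", body, off)
        off += 4
        if length > len(body) - off:
            raise ValueError("attribute length runs past end of payload")
        attrs.append((type_field & 0x7FFF, body[off:off + length]))  # mask reserved bit
        off += length
    return body[0], attrs

def build_cp(cfg_type, attrs):
    out = bytes([cfg_type, 0, 0, 0])
    for attr_type, value in attrs:
        out += struct.pack("!HH", attr_type, len(value)) + value
    return out

def initiator_request():
    # Only INTERNAL_IP4_ADDRESS, zero-length value: no particular address asked for.
    return build_cp(CFG_REQUEST, [(INTERNAL_IP4_ADDRESS, b"")])

def responder_reply(request, address, netmask):
    """Reply if the request names INTERNAL_IP4_ADDRESS; ignore everything else in it."""
    cfg_type, attrs = parse_cp(request)
    if cfg_type != CFG_REQUEST or all(t != INTERNAL_IP4_ADDRESS for t, _ in attrs):
        return None
    return build_cp(CFG_REPLY, [
        (INTERNAL_IP4_ADDRESS, ipaddress.IPv4Address(address).packed),
        (INTERNAL_IP4_NETMASK, ipaddress.IPv4Address(netmask).packed),
    ])

def initiator_parse(reply):
    """Return the assigned address, skipping attributes this side does not use."""
    cfg_type, attrs = parse_cp(reply)
    if cfg_type != CFG_REPLY:
        return None
    for attr_type, value in attrs:
        if attr_type == INTERNAL_IP4_ADDRESS and len(value) == 4:
            return str(ipaddress.IPv4Address(value))
    return None
```

The length checks in `parse_cp` matter on both sides: the attribute lengths come from the peer, so a parser that trusts them reads past the end of the payload.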