Hi, In section 2.9. Traffic Selector Negotiation,
The SINGLE_PAIR_REQUIRED error indicates that a CREATE_CHILD_SA request is unacceptable because its sender is only willing to accept traffic selectors specifying a single pair of addresses. The requestor is expected to respond by requesting an SA for only the specific traffic it is trying to forward. Above paragraph gives the clarity of what action to take when SINGLE_PAIR_REQUIRED notify type received in case of CREATE_CHILD_SA exchanges. Suppose if the SINGLE_PAIR_REQUIRED notify type is received in AUTH response, how initiator should act upon it? Can initiator resend AUTH request with different TSi and TSr payloads or it should establish IKE SA and then start CREATE_CHILD_SA exchange? Thanks Jyothi -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Thursday, April 15, 2010 3:45 AM To: [email protected] Cc: [email protected] Subject: [IPsec] I-D ACTION:draft-ietf-ipsecme-ikev2bis-10.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF. Title : Internet Key Exchange Protocol: IKEv2 Author(s) : C. Kaufman, P. Hoffman, Y. Nir, P. Eronen Filename : draft-ietf-ipsecme-ikev2bis-10.txt Pages : 130 Date : 2010-4-14 This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining security associations (SAs). This document replaces and updates RFC 4306, and includes all of the clarifications from RFC 4718. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-ikev2bis-10.txt Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
