Valery Smyslov writes:
> 5. Page 14, 15 and 16
>
> "The responder replies (using the same Message ID to respond) with the
> accepted offer in an SA payload, and a Diffie-Hellman value in the
> KEr payload if KEi was included in the request and the selected
> cryptographic suite includes that group."
>
> "The responder replies (using the same Message ID to respond) with the
> accepted offer in an SA payload, and a Diffie-Hellman value in the
> KEr payload if the selected cryptographic suite includes that group."
>
> "The responder replies (using the same Message ID to respond) with the
> accepted offer in an SA payload, and a Diffie-Hellman value in the
> KEr payload if KEi was included in the request and the selected
> cryptographic suite includes that group."
>
> All three sentences look like they were copy-pasted and all three
> lack mention of the Nonce Payload. I think it should be explicitly
> mentioned here, as it was mentioned in the descriptions of the Initiator's
> message above each of these sentences.

I agree on adding the comment about the nonce in those copied sections.
The reason for copying is that the original section 1.3 in RFC4306 was
split 3 ways in RFC5996.

> And I also think that words in parentheses here are superfluous, as
> this requirement is common for all exchanges, not only for
> CREATE_CHILD_SA, and stated several times in the document. So, I
> suggest to change:

This was proposed for RFC5996 already (by me :-) and there was ticket
#34 opened for it, and the change was not done as it was considered
important to keep it there:

My original email opening the issue:
http://www6.ietf.org/mail-archive/web/ipsec/current/msg02953.html

ticket opened by it
http://trac.tools.ietf.org/wg/ipsecme/trac/ticket/34

and more of my comments to the issue:
http://www6.ietf.org/mail-archive/web/ipsec/current/msg03155.html

and I think this caused us to add the definition of Message ID in the
beginning of section 1.2.

> "The responder replies with the accepted offer in an SA payload,
> nonce in the Nr payload and a Diffie-Hellman value in the
> KEr payload if KEi was included in the request and the selected
> cryptographic suite includes that group."
>
> "The responder replies with the accepted offer in an SA payload,
> nonce in the Nr payload and a Diffie-Hellman value in the
> KEr payload if the selected cryptographic suite includes that group."
>
> "The responder replies with the accepted offer in an SA payload,
> nonce in the Nr payload and a Diffie-Hellman value in the
> KEr payload if KEi was included in the request and the selected
> cryptographic suite includes that group."

Changed:

<t>The responder replies (using the same Message ID to respond) with the
accepted offer in an SA payload, and a Diffie-Hellman value in the
KEr payload if KEi was included in the request and the selected
cryptographic suite includes that group.</t>
...
<t>The responder replies (using the same Message ID to respond) with the
accepted offer in an SA payload, and a Diffie-Hellman value in the
KEr payload if the selected cryptographic suite includes that group.
A new responder SPI is supplied in the SPI field of the SA payload.</t>
...
<t>The responder replies (using the same Message ID to respond) with the
accepted offer in an SA payload, and a Diffie-Hellman value in the
KEr payload if KEi was included in the request and the selected
cryptographic suite includes that group.</t>

To:

<t>The responder replies (using the same Message ID to respond) with the
accepted offer in an SA payload, nonce in the Nr payload, and a
Diffie-Hellman value in the KEr payload if KEi was included in the
request and the selected cryptographic suite includes that group.</t>
...
<t>The responder replies (using the same Message ID to respond) with the
accepted offer in an SA payload, nonce in the Nr payload, and a
Diffie-Hellman value in the KEr payload if the selected cryptographic
suite includes that group. A new responder SPI is supplied in the SPI
field of the SA payload.</t>
...
<t>The responder replies (using the same Message ID to respond) with the
accepted offer in an SA payload, nonce in the Nr, and a Diffie-Hellman
value in the KEr payload if KEi was included in the request and the
selected cryptographic suite includes that group.</t>

-- 
[email protected]

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
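As an added illustration (not part of this thread, nor of any RFC or implementation), the following Python check tests a responder's CREATE_CHILD_SA reply against the requirement discussed above: same Message ID as the request, the accepted offer in an SA payload, a nonce in the Nr payload, and a KEr payload when the request carried KEi and the selected suite includes that group. Modeling messages as a set of payload names plus the D-H transform ID of the selected proposal is an assumption of the example.

```python
from dataclasses import dataclass

# Transform ID 0 ("NONE") for the Diffie-Hellman transform type means the
# selected suite carries no D-H group; any other value names a group.
DH_NONE = 0


@dataclass
class Message:
    """Simplified CREATE_CHILD_SA message (constructed model): Message ID,
    the payload types present (named as in the RFC text: SA, Ni, Nr, KEi,
    KEr, TSi, TSr) and the D-H group carried in the selected proposal."""
    message_id: int
    payloads: frozenset
    dh_group: int = DH_NONE


def check_response(request: Message, response: Message) -> list:
    """Return the list of problems with a responder's CREATE_CHILD_SA reply;
    an empty list means the reply satisfies the quoted requirements."""
    problems = []
    # The responder uses the same Message ID to respond.
    if response.message_id != request.message_id:
        problems.append("Message ID differs from the request")
    # The accepted offer is returned in an SA payload.
    if "SA" not in response.payloads:
        problems.append("missing SA payload with the accepted offer")
    # The nonce the review asked to be mentioned: Nr must be present.
    if "Nr" not in response.payloads:
        problems.append("missing nonce in the Nr payload")
    # KEr is required if KEi was in the request and the selected
    # cryptographic suite includes that group.
    ke_required = "KEi" in request.payloads and response.dh_group != DH_NONE
    if ke_required and "KEr" not in response.payloads:
        problems.append("missing KEr: KEi was sent and the selected "
                        "suite includes a D-H group")
    return problems


if __name__ == "__main__":
    # Constructed sample: a Child SA request with an optional KEi (group 14)
    # answered once by a reply that omits the nonce and once correctly.
    req = Message(7, frozenset({"SA", "Ni", "KEi", "TSi", "TSr"}), 14)
    bad = Message(7, frozenset({"SA", "KEr", "TSi", "TSr"}), 14)
    good = Message(7, frozenset({"SA", "Nr", "KEr", "TSi", "TSr"}), 14)
    print(check_response(req, bad))    # ['missing nonce in the Nr payload']
    print(check_response(req, good))   # []
```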
