Hi Tero,

> IKEv1 did allow sending payloads in any order, if I remember right.

Right, but with some restrictions (e.g. HASH Payload in QM must go before
other Payloads).

> Hmm... funny typo in section 1:
>
>    o User wants to get anonymous access to some resource. In this
>      situation he/she should be able to authenticate server, but to
>      leave out his/her own authentication to prevent anonymity. In
>      this case one-way authentication is desirable.
>
> user will leave out authentication to PREVENT anonymity... I assume
> preserve is the one word that was meant...

Yes, of course. Thanks for catching.
And in -01 draft I've added one more use case:

   o User wants to get some simple action from remote device. Consider
     garage door opener: it must authenticate user to open the door,
     but it is not necessary for the user to authenticate the door
     opener. In this case one-way authentication is sufficient.

In this example there is no harm if garage door opener
fills in its ID Payload - it need not be anonymous.

Regards,
Valery.
_______________________________________________
IPsec mailing list
https://www.ietf.org/mailman/listinfo/ipsec