Hello,
I have questions regarding the use of NO_PROPOSAL_CHOSEN and INVALID_KE_PAYLOAD in
the IKE_SA_INIT exchange in RFC 5996 IKEv2.
According to
"Section 3.10.1. Notify Message Types
NO_PROPOSAL_CHOSEN 14
None of the proposed crypto suites was acceptable. This can be
sent in any case where the offered proposals (including but not
limited to SA payload values, USE_TRANSPORT_MODE notify,
IPCOMP_SUPPORTED notify) are not acceptable for the responder.
"
According to the above statement, it seems that if the initiator sends a proposal
with a Diffie-Hellman group value that is unacceptable to the responder, then the
responder must send a NO_PROPOSAL_CHOSEN notification.
But according to
"Section 1.2. The Initial Exchanges
Because the initiator sends its Diffie-Hellman value in the
IKE_SA_INIT, it must guess the Diffie-Hellman group that the
responder will select from its list of supported groups. If the
initiator guesses wrong, the responder will respond with a Notify
payload of type INVALID_KE_PAYLOAD indicating the selected group.
"
From the INVALID_KE_PAYLOAD description stated above, it seems that the
NO_PROPOSAL_CHOSEN case is exclusive of this INVALID_KE_PAYLOAD case.
Is this the right interpretation of the above two error types?
Thanks and Regards,
Avishek
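The distinction the question turns on can be made concrete in code. The following is an added example, not text from RFC 5996 or from the poster: a toy responder that decides between the two notifications exactly as the two quoted sections describe. NO_PROPOSAL_CHOSEN is about the SA payload (no proposal the responder can accept at all), while INVALID_KE_PAYLOAD is about the KE payload carrying a group other than the one the responder selects from an otherwise acceptable proposal. The data model (`Proposal`, `ResponderPolicy`, `Notify`), the transform-type constants and the helper names are assumptions for illustration; the Notify type numbers 14 and 17 are the IANA values, and the INVALID_KE_PAYLOAD data is the selected group as a two-octet number.

```python
"""Responder-side choice between NO_PROPOSAL_CHOSEN and INVALID_KE_PAYLOAD in
an IKEv2 IKE_SA_INIT exchange, reduced to proposal selection.
Hypothetical data model; not taken from any IKE implementation."""
from dataclasses import dataclass

# Notify Message Type values (RFC 5996 Section 3.10.1)
NO_PROPOSAL_CHOSEN = 14
INVALID_KE_PAYLOAD = 17

# Transform type identifiers (RFC 5996 Section 3.3.2); only the four an IKE SA needs
ENCR, PRF, INTEG, DH = 1, 2, 3, 4


@dataclass
class Proposal:
    """One proposal from the initiator's SA payload: transform type -> offered IDs."""
    number: int
    transforms: dict  # e.g. {ENCR: {12}, PRF: {5}, INTEG: {12}, DH: {14, 2}}


@dataclass
class ResponderPolicy:
    """What the responder accepts; DH groups are listed in preference order."""
    accepted: dict       # transform type -> set of acceptable IDs (ENCR, PRF, INTEG)
    dh_preference: list  # ordered list of acceptable DH group numbers


@dataclass
class Notify:
    type: int
    data: bytes = b""


def select_proposal(proposals, ke_group, policy):
    """Return (proposal, chosen transforms) for the first proposal the responder
    can fully accept, or None when no proposal in the SA payload is acceptable."""
    for p in proposals:
        chosen = {}
        for t in (ENCR, PRF, INTEG):
            common = p.transforms.get(t, set()) & policy.accepted.get(t, set())
            if not common:
                break  # this proposal lacks an acceptable transform of type t
            chosen[t] = min(common)
        else:
            offered_dh = p.transforms.get(DH, set())
            usable = [g for g in policy.dh_preference if g in offered_dh]
            if not usable:
                continue  # no DH group in common: proposal is not acceptable
            # Design choice of this example: honour the initiator's KE group when
            # it is acceptable (saves a round trip), else take the responder's
            # most-preferred common group.
            chosen[DH] = ke_group if ke_group in usable else usable[0]
            return p, chosen
    return None


def respond_ike_sa_init(proposals, ke_group, policy):
    """Decide the responder's reply to an IKE_SA_INIT request.
    Returns a Notify on error, or ("OK", proposal number, chosen transforms)."""
    sel = select_proposal(proposals, ke_group, policy)
    if sel is None:
        # Nothing in the SA payload is acceptable; the KE payload never matters here.
        return Notify(NO_PROPOSAL_CHOSEN)
    prop, chosen = sel
    if ke_group != chosen[DH]:
        # SA payload is fine, but the initiator guessed the wrong group for its
        # KE payload: report the selected group as a 2-octet number and let it retry.
        return Notify(INVALID_KE_PAYLOAD, chosen[DH].to_bytes(2, "big"))
    return ("OK", prop.number, chosen)


def initiator_handle(response, proposed_groups):
    """Initiator's handling of the reply. The reply is not yet authenticated, so a
    requested group is only honoured if the initiator itself offered it; an
    unsolicited group is treated as a failure rather than a downgrade."""
    if isinstance(response, Notify):
        if response.type == INVALID_KE_PAYLOAD:
            group = int.from_bytes(response.data, "big")
            if group in proposed_groups:
                return ("RETRY", group)
            return ("FAIL", "unsolicited DH group %d" % group)
        if response.type == NO_PROPOSAL_CHOSEN:
            return ("FAIL", "no acceptable proposal")
        return ("FAIL", "notify type %d" % response.type)
    return ("CONTINUE", response[1])


if __name__ == "__main__":
    # Constructed sample: responder accepts AES-CBC(12)/HMAC-SHA2-256 PRF(5)/
    # HMAC-SHA2-256-128(12) and DH groups 14 then 19.
    policy = ResponderPolicy({ENCR: {12}, PRF: {5}, INTEG: {12}}, [14, 19])
    offer = Proposal(1, {ENCR: {12}, PRF: {5}, INTEG: {12}, DH: {14, 2}})
    print(respond_ike_sa_init([offer], 14, policy))  # OK: guessed right
    print(respond_ike_sa_init([offer], 2, policy))   # INVALID_KE_PAYLOAD -> group 14
    only_weak = Proposal(1, {ENCR: {12}, PRF: {5}, INTEG: {12}, DH: {2, 5}})
    print(respond_ike_sa_init([only_weak], 2, policy))  # NO_PROPOSAL_CHOSEN
```

The second call is the case the question asks about: the initiator's KE payload carries group 2, which the responder does not support, but the same proposal also offers group 14, so the SA payload is acceptable and the right reply is INVALID_KE_PAYLOAD naming 14. Only when no proposal contains any group (or any other transform) the responder accepts, as in the third call, is NO_PROPOSAL_CHOSEN returned. The initiator-side check matters because the IKE_SA_INIT reply is unauthenticated: accepting a group the initiator never proposed would let an on-path party steer the negotiation, so the example retries only with a group from its own offer.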
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec