> -----Original Message-----
> From: EXT Valery Smyslov [mailto:[email protected]]
> Sent: Friday, January 15, 2016 10:03 PM
> To: HU, Jun (Jun); Yoav Nir
> Cc: [email protected]; Paul Wouters; Scott Fluhrer (sfluhrer)
> Subject: Re: [IPsec] SLOTH & IKEv2
>
> >[HJ] agree, however I can't find any text in RFC7296 states responder
> >need to reject the request and return INVALID_SYNTAX in such case; an
> >implementation might choose to just simply ignore the subsequent
> >redundant payload and proceed...
>
> Sure, there is no such text in the RFC. However this requirement is
> implicit, since the pictures in the Appendix C.1 show those payloads
> that may appear multiple times in the messages as PLD+. It is assumed
> that those payloads that don't have the plus sign must appear only once
> (or not appear at all).
>
> And if an implementation chooses to ignore the redundant payload, then
> there is a question - which payload is redundant? There is no
> requirements in the RFC that payloads come in a specific order, so one
> implementation may think that the first payload is actual and the
> subsequent is redundant, while the other may think otherwise.
>
> So I think INVALID syntax is the only proper response here.

[HJ] I agree that sending INVALID_SYNTAX is the right behavior, just wish the RFC could be more clear about it.

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
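
The check discussed in this message, as an added example that is not part of the original thread or of any IKEv2 implementation: a receiver walks the cleartext payload chain and answers INVALID_SYNTAX when a payload that is not allowed to repeat appears twice, instead of guessing which copy to use. The function names are hypothetical, the messages are constructed, and the repeatable set is this example's reading of the "+" markers in the RFC 7296 Appendix C pictures.

```python
import struct

# IKEv2 payload type numbers (RFC 7296, section 3.2)
SA, KE, CERT, CERTREQ, NONCE, NOTIFY, DELETE, VENDOR = 33, 34, 37, 38, 40, 41, 42, 43
SK = 46
# Assumption: payloads drawn with a "+" in the Appendix C pictures may repeat.
REPEATABLE = {CERT, CERTREQ, NOTIFY, DELETE, VENDOR}
INVALID_SYNTAX = 7   # Notify error type
IKE_HDR_LEN = 28     # Next Payload field of the IKE header is at offset 16


def walk_payloads(msg):
    """Yield (type, body) for each cleartext payload in an IKEv2 message."""
    if len(msg) < IKE_HDR_LEN:
        raise ValueError("short IKE header")
    next_type, off = msg[16], IKE_HDR_LEN
    while next_type != 0:
        if off + 4 > len(msg):
            raise ValueError("truncated payload header")
        following, _flags, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > len(msg):
            raise ValueError("bad payload length")
        yield next_type, msg[off + 4:off + plen]
        if next_type == SK:  # its Next Payload names the first encrypted inner payload
            return
        next_type, off = following, off + plen


def check_message(msg):
    """Return None if the chain is acceptable, else the Notify error type to send."""
    seen = set()
    try:
        for ptype, _body in walk_payloads(msg):
            if ptype in seen and ptype not in REPEATABLE:
                return INVALID_SYNTAX  # reject; never pick "first" or "last" copy
            seen.add(ptype)
    except ValueError:
        return INVALID_SYNTAX
    return None


def build(types):
    """Constructed sample: IKE_SA_INIT header plus payloads with 4-byte dummy bodies."""
    chain = list(types) + [0]
    body = b"".join(struct.pack("!BBH", nxt, 0, 8) + b"\0" * 4 for nxt in chain[1:])
    hdr = struct.pack("!8s8sBBBBII", b"I" * 8, b"\0" * 8, chain[0], 0x20, 34, 0x08,
                      0, IKE_HDR_LEN + len(body))
    return hdr + body
```

After decryption, the inner payload chain of an SK payload can be checked the same way, starting from the SK payload's Next Payload value.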
