On Mon, 11 Mar 2019, Christian Hopps wrote:
> Sure, I'm definitely open to changes, and in particular with the congestion
> info report. This is just the first draft. :)
>
> So my reading of IKEv2 indicated that one way notifications were supported, not
> that they were *only* to be used for unprotected error notification though.
> Yes, they are currently only used for errors, but again I didn't read they were
> restricted to that use alone.

Note that even those errors are in reply to an IKE request, so you still
have a request and reply message.

> The reason I did not want to make the report sending reliable is that they are
> continuously sent on a relatively short interval. It didn't make a lot of
> sense to be re-sending a possibly growing queue of reports repeatedly, when the
> latest one would do.

You might find previous discussion about MSGID and liveness probes
interesting then. That runs into similar issues and we don't have
a fix for this yet, although it has come up a few times that we
should write a clarifying draft on MSGID.

For example, if you send a liveness probe and receive no answer, you
cannot send a delete notification because the liveness answer is
still pending. If you send many of these kinds of IKE packets, then
you would run into similar problems.

Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
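
An added example, not part of the original message and not taken from any IKE implementation: a simplified Python model of the IKEv2 request window (RFC 7296 section 2.3, default size 1), showing a delete notification blocked behind an unanswered liveness probe and periodic reports piling up when sent as reliable exchanges. The class and function names and the `coalesce` option are hypothetical.

```python
from collections import deque


class IkeRequestWindow:
    """Sender side of the IKEv2 request window (RFC 7296 section 2.3).

    Simplified model: no retransmission timers, only Message ID
    assignment and queueing of requests that do not fit the window.
    """

    def __init__(self, window_size=1, next_msgid=2):
        # Window size is 1 unless the peer sent SET_WINDOW_SIZE.
        # Message IDs 0 and 1 were used by IKE_SA_INIT and IKE_AUTH.
        self.window_size = window_size
        self.next_msgid = next_msgid
        self.outstanding = {}   # msgid -> kind, sent but not yet answered
        self.queued = deque()   # kinds waiting for a free window slot

    def submit(self, kind, coalesce=False):
        """Send now if the window allows; return the Message ID or None."""
        if coalesce and kind in self.queued:
            return None         # the queued entry will carry the latest data
        if len(self.outstanding) >= self.window_size:
            self.queued.append(kind)
            return None
        msgid = self.next_msgid
        self.next_msgid += 1
        self.outstanding[msgid] = kind
        return msgid

    def on_response(self, msgid):
        """A reply frees its slot; the oldest queued request goes out."""
        del self.outstanding[msgid]
        if self.queued:
            return self.submit(self.queued.popleft())
        return None


def demo(coalesce):
    """Constructed scenario: unanswered probe, then a delete and 5 reports."""
    win = IkeRequestWindow()
    probe = win.submit("liveness")      # empty INFORMATIONAL request
    delete = win.submit("delete")       # blocked behind the pending probe
    for _ in range(5):
        win.submit("report", coalesce=coalesce)
    return probe, delete, list(win.queued)
```

`demo(False)` leaves the delete and all five reports queued behind the probe; `demo(True)` keeps a single queued report, which still cannot go out until the probe is answered.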