Hi Valery,

>> If there is a chance that this is a potential threat (and I fear
>> it'll be impossible to prove the opposite), my
>> feeling is that the document should say that IKE_INTERMEDIATE MUST
>> NOT be supported without the
>> support of at least one document defining the payload.
> That is implied. I can make this more explicit, by adding something
> like that:
>
> Successful exchange of INTERMEDIATE_EXCHANGE_SUPPORTED
> notification only confirms that both parties support INTERMEDIATE
> exchange. It is not enough condition to start doing INTERMEDIATE exchange.
> A separate documents that utilize this exchange MUST define the
> conditions in which peers would do INTERMEDIATE exchanges, the
> conditions for ending the sequence of these exchanges and start IKE_AUTH,
> and the payloads these exchanges should carry.
>
> Is it OK for you?

I was wondering about what happens when multiple documents utilize the IKE_INTERMEDIATE exchange at the same time. Can two different documents utilize a single exchange of IKE_INTERMEDIATE messages, or must every document add an additional exchange of IKE_INTERMEDIATE messages?
Currently the only "user" is the Hybrid PQKE draft, which adds up to seven INTERMEDIATE exchanges before the IKE_AUTH. Could I just define a draft that includes an additional payload in the first INTERMEDIATE exchange (not knowing whether Hybrid KE is used or not), or would I have to add an eighth INTERMEDIATE exchange? I couldn't find any info on this in the current draft, and I feel like this is quite relevant for future users of the exchange.

Regards,
(another) Tobias