In that case, isn't the effort of having to explicitly specify every single
case actually the same as if each of these documents would simply specify its
own exchange that takes place between IKE_SA_INIT and IKE_AUTH?
What is the advantage of using INTERMEDIATE then, instead of just rolling your
own solution?
The advantage is that some common things (like authentication
of the intermediate exchange, its protection, error handling etc.)
remain the same. So you don’t need to specify this again
and you can have a single piece of code for this.
Note that we don’t have separate exchanges for e.g. deleting SAs,
reporting errors, liveness checking - it’s a single INFORMATIONAL
that is used for all these (and many other) purposes.
Regards,
Valery
Regards,
Tobias
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec