Michael Richardson wrote:
> Yes, that's true up to the final hop.
> At the final hop, when the destination address is local, then one *might*
> receive an ICMP Parameter Problem because the SPI is not recognized.
> Maybe.
> If it does not, then the sender will send another
Panwei (William) wrote:
> It seems to me that extending the traceroute by using an ESP packet can
> be done right now and has no requirement for the ESP packet format. Any
> ESP packets can work with this mechanism, and there is no need for the
> designated SPIs.
> The
On Mon, Apr 1, 2024 at 9:08 AM Valery Smyslov wrote:
I've added the following sentence to the Introduction:
>
>Since IKEv2 doesn't allow to use multiple
>authentication methods and doesn't provide means for peers to
>indicate to the other side which authentication methods they
Hi Rifaat,
I snipped parts where we are in agreement.
Hi Valery,
See my replies below.
Regards,
Rifaat
[…]
> * "Since the responder sends the SUPPORTED_AUTH_METHODS notification in
> the IKE_SA_INIT exchange, it must take care that the size of the response
> message
Hi Valery,
See my replies below.
Regards,
Rifaat
On Mon, Apr 1, 2024 at 9:37 AM Valery Smyslov wrote:
> Hi Rifaat,
>
> thank you for your review. Please, see inline.
>
> > Reviewer: Rifaat Shekh-Yusef
> > Review result: Has Issues
> >
> > # Section 3.1
> >
> > * The description of the
Hi,
this version addresses comments received during IETF LC and directorate
reviews.
Regards,
Valery.
> -Original Message-
> From: IPsec On Behalf Of internet-dra...@ietf.org
> Sent: Monday, April 1, 2024 4:41 PM
> To: i-d-annou...@ietf.org
> Cc: ipsec@ietf.org
> Subject: [IPsec] I-D
Internet-Draft draft-ietf-ipsecme-ikev2-auth-announce-07.txt is now available.
It is a work item of the IP Security Maintenance and Extensions (IPSECME) WG
of the IETF.
Title: Announcing Supported Authentication Methods in IKEv2
Author: Valery Smyslov
Name:
Hi Rifaat,
thank you for your review. Please, see inline.
> Reviewer: Rifaat Shekh-Yusef
> Review result: Has Issues
>
> # Section 3.1
>
> * The description of the exchange seems odd, as it starts with the responder,
> instead of the initiator. I suggest that the description of the exchange
>
Hi Reese,
thank you for your review. Please see inline.
> Reviewer: Reese Enghardt
> Review result: Ready with Nits
>
> I am the assigned Gen-ART reviewer for this draft. The General Area Review
> Team (Gen-ART) reviews all IETF documents being processed by the IESG for the
> IETF Chair.
Hi Paul and Michael, thanks for your explanations.
Michael Richardson wrote:
> Paul Wouters wrote:
> > > If you want to do the traceroute to determine how far ESP
> > > actually gets, you need to make sure every node supports
> > > the ESPping.
> >
> > I think people
10 matches
Mail list logo
