Re: [IPsec] rfc8229bis missing advise on error handling in IKE_INIT

2021-03-22 Thread Paul Wouters
On Fri, 19 Mar 2021, Tommy Pauly wrote: This implies that the new IKE_SA_INIT is a retry of the same IKE SA. Indeed, at least for our client, we don’t reset the SA values. Yes, for a client sure. But for a server there is no guarantee the client will come back. There is no point in keeping

Re: [IPsec] rfc8229bis missing advise on error handling in IKE_INIT

2021-03-20 Thread Valery Smyslov
Hi, On Mar 19, 2021, at 12:36 PM, Paul Wouters <p...@nohats.ca> wrote: Hi, We have implemented TCP but are running into some issues where the RFC and the bis draft do not give us clarity. If the IKE_INIT over TCP gets back an INVALID_KE, what is supposed to

Re: [IPsec] rfc8229bis missing advise on error handling in IKE_INIT

2021-03-19 Thread Tommy Pauly
> On Mar 19, 2021, at 12:36 PM, Paul Wouters wrote:
>
> Hi,
>
> We have implemented TCP but are running into some issues where the RFC and
> the bis draft do not give us clarity.
>
> If the IKE_INIT over TCP gets back an INVALID_KE, what is supposed to
> happen? Is the responder expected

[IPsec] rfc8229bis missing advise on error handling in IKE_INIT

2021-03-19 Thread Paul Wouters
Hi, We have implemented TCP but are running into some issues where the RFC and the bis draft do not give us clarity. If the IKE_INIT over TCP gets back an INVALID_KE, what is supposed to happen? Is the responder expected to close the TCP session, since it never created a state for this