Re: [IPsec] WG Last Call: draft-ietf-ipsecme-ikev2-redirect-08

Thu, 16 Apr 2009 10:57:38 -0700 

Hello,

Yoav Nir wrote:

I see that in section 6 the following:

   In such cases, the gateway should send the REDIRECT notification
   payload in the final IKE_AUTH response message that carries the AUTH
   payload and the traffic selectors.  The gateway MUST NOT send and the
client MUST NOT accept a redirect in an earlier IKE_AUTH message. 
I like that, and that was my position earlier, but wasn't the conclusion at San 
Francisco that the REDIRECT could come in either the first AUTH response (where 
we know the ID the client is using, temporary or not) *OR* in the last response?
The text you quote above refers to the case when the gateway decides to redirect based on the EAP exchange or a as a result of interaction with the AAA server or some external entity (when multiple auth is used). The redirect is done in the final IKE_AUTH message. 


When did we decide to not allow it in the first resopnse?
We allow it. The first paragraph in section 6 and the message exchange just below it show this. 

Vijay



Other than that, I think the document is fine and ready for publication.

Yaron Sheffer wrote:
This is a 2 week working group last call for draft-ietf-ipsecme-ikev2-redirect-08. The target status for this document is Proposed Standard. This is the document's second last call, following comments by a number of people and several document revisions.
Please send your comments to the ipsec list by April 30, 2009, as follow-ups to this message.
Please clearly indicate the position of any issue in the Internet Draft, and if possible provide alternative text. Please also indicate the nature or severity of the error or correction, e.g. major technical, minor technical, nit, so that we can quickly judge the extent of problems with the document. 

The document can be accessed here:
http://tools.ietf.org/html/draft-ietf-ipsecme-ikev2-redirect-08.

Thanks,
        Yaron


Email secured by Check Point
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec


_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to