I think it is reasonable to expect that an IKEv2 bis implementation would
use an IF statement to control sending the new Notify types. If the minor
number was changed an implementation could check the minor version and send
the new notify types when the minor version was 1 and send the notify types
recommended in RFC 4718 if the minor number was 0. That is what my
implementation plans to do if the minor version number is bumped.
I'm not sure I agree with Tero that an implementation getting an unknown
TEMPORARY_FAILURE notify would always take the same action that it would if
it received NO_PROPOSAL_CHOSEN as suggested by RFC 4718.
Dave Wierbowski
From: Richard Graveman <[email protected]>
To: Tero Kivinen <[email protected]>
Cc: IPsecme WG <[email protected]>, Paul Hoffman <[email protected]>
Date: 12/17/2009 07:41 AM
Subject: Re: [IPsec] Issue #130: Do we need to bump the minor version
number?
Sent by: [email protected]
I think the criterion should be:
Would a reasonable and correct implementation need to have an IF
statement, e.g., if(minor_number == 1) ...
I do not not think the criterion should be whether bumping the number
breaks older implementations.
>From the discussion, leaving the number alone seems fine.
Richard
On Thu, Dec 17, 2009 at 7:20 AM, Tero Kivinen <[email protected]> wrote:
> Yaron Sheffer writes:
>> Or else, we could remove the sentence "For example, it might
>> indicate the ability to process a newly defined notification
>> message."
>
> That is example what changing minor number might mean. All current
> conforming implementations already know how to process our newly
> defined error notifications (they assume exchange failed), thus there
> is no need to update minor number, as there is no new ability needed
> for implementations to process those notifications.
>
> There is no reason to change that text. It does not require us to do
> something, it is just example.
>
>> I thinking bumping the minor version number would be
>> extremely risky. We know that everybody can ignore unknown
>> notifications. We don't know that everybody can deal correctly with
>> version number, simply because this has been tested less frequently.
>
> Agree on that.
> --
> [email protected]
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
>
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
