I think that responder must verify the cookie if it is present, regardless
of whether it is expected to be present or not. And it must request
another cookie if the verification failed.
That would allow an initiator to trigger the cookie generating mechanism
on the responder on demand. I don't think that's a good idea.
And what then? I think the cookie generating mechanism is a local
matter and you have all means to make it secure.
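As an added illustration, not code from this thread or from any IKE implementation, the following sketches the responder-side cookie mechanism of RFC 7296 section 2.6 together with the verify-if-present policy argued above. The nonce, address and SPI values are constructed, HMAC-SHA256 stands in for the RFC's unspecified hash, and the secret ring size is an assumption.

```python
import hashlib
import hmac
import secrets

# Constructed sample IKE_SA_INIT fields (not captured traffic).
SAMPLE_NI = bytes.fromhex("00112233445566778899aabbccddeeff")   # initiator nonce
SAMPLE_IPI = bytes([192, 0, 2, 10])                              # initiator address
SAMPLE_SPII = bytes.fromhex("0123456789abcdef")                   # initiator SPI


class CookieResponder:
    """Stateless cookie handling for an IKEv2 responder.

    Cookie = <VersionIDofSecret> | Hash(Ni | IPi | SPIi | <secret>)
    Only a small ring of secrets is kept, so the responder stores no
    per-initiator state; generation and rotation are a purely local matter.
    """

    def __init__(self, keep_versions: int = 2):
        self.keep_versions = keep_versions        # assumption: two live secrets
        self.version = 0
        self.secrets = {0: secrets.token_bytes(32)}

    def rotate_secret(self) -> None:
        # Retire old secrets; cookies built on a retired version fail
        # verification and the initiator must ask for a fresh one.
        self.version += 1
        self.secrets[self.version] = secrets.token_bytes(32)
        for v in list(self.secrets):
            if v <= self.version - self.keep_versions:
                del self.secrets[v]

    def _digest(self, version: int, ni: bytes, ipi: bytes, spii: bytes) -> bytes:
        return hmac.new(self.secrets[version], ni + ipi + spii, hashlib.sha256).digest()

    def make_cookie(self, ni: bytes, ipi: bytes, spii: bytes) -> bytes:
        return self.version.to_bytes(4, "big") + self._digest(self.version, ni, ipi, spii)

    def verify_cookie(self, cookie: bytes, ni: bytes, ipi: bytes, spii: bytes) -> bool:
        if len(cookie) != 4 + 32:
            return False
        version = int.from_bytes(cookie[:4], "big")
        if version not in self.secrets:
            return False
        return hmac.compare_digest(cookie[4:], self._digest(version, ni, ipi, spii))


def handle_ike_sa_init(resp, cookie, ni, ipi, spii, under_load) -> str:
    """Decision for one IKE_SA_INIT request under the verify-if-present policy."""
    if cookie is not None:
        # Present cookies are always checked, expected or not; a bad one
        # is answered with a new cookie request rather than being ignored.
        return "accept" if resp.verify_cookie(cookie, ni, ipi, spii) else "request_cookie"
    return "request_cookie" if under_load else "accept"
```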
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec