Valery Smyslov writes: > > I am thinking of saying "go ahead" for IANA for this allocation even > > when this do change the IKEv2 bit, as I think there are > > implementations using same interpretation out there, and I think this > > configuration attribute is mostly harmless. If we would have done it > > here in the IPsecME WG, I think we would have used notifications > > instead of configuration payloads, as this attribute do affect the > > whole IKE SA and is not configuration attribute related to IPsec SA. > > > > So unless people object I will say "go ahead" in few days. > > I don't strongly object, however I have a concern: > how server can enforce the timeout period it sent to the client? > The client can ignore it and do liveness check more often > (for a good reason, if it has some data to send and has > no reply from server) or less often. It seems that this > notification could be ignored by the client completely and the server > cannot do anything about this (otherwise than tear down the > connection with "bad boy", but is it an intention?). > Or is this notification just a hint, not an enforcement?
That is my understanding with this, and this is why I consider this "mostly harmless". Of course it would be easier to get information directly from people who are proposing this, and not just my interpretation of the issue. -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec