On Fri, 26 Feb 2016, Valery Smyslov wrote:
thank you for providing more details. However, it is not clear from this description what UE should do if it has data to be sent, but it received no protected data for some period of time. Section 2.4 of RFC 7296 suggests that the IKEv2 implementation performs a Liveness Check in this case:

    If no cryptographically protected messages have been received on an IKE SA or any of its Child SAs recently, the system needs to perform a liveness check in order to prevent sending messages to a dead peer.

It is not clear how this text is supposed to align with TIMEOUT_PERIOD_FOR_LIVENESS_CHECK. In other words - should UE in this situation perform a Liveness Check, ignoring the ePDG provided interval? Or should it ignore the possibility to send data to a dead peer and perform Liveness Checks only on the specified interval?

While Ivo since did explain things a bit more, I think this does illustrate the point that IKEv2 implementors need enough guidance on these matters. That is really what an RFC does, even if it is not an ipsecme RFC and some independent stream submission.

So I would like to urge the 3gpp world to reach out more to the ipsecme group and try to write up documentation in draft/RFC form. Because in the end, the IKE implementors will have to implement 3gpp requirements as well.

Paul