Hi Danny,

Thanks for reading my post and replying. I understand your point that it's the client that decides whether or not to append the authentication info (i.e. "mac"). However, there's still an important difference occurring on the "server" side that I don't understand.

When the client does not send authentication info, the "server" side (really the "symmetric passive" side) will NOT mobilize an ephemeral symmetric passive association because in receive() sys_authenticate is 1 and is_authentic is 0, resulting in the server side sending the "crypto-NAK" via fast_xmit(). When the client does send valid authentication info, the "server" side WILL mobilize an ephemeral symmetric passive association because sys_authenticate is 1 and is_authentic is 1. So, in the former case the "server" side does NOT have a symmetric passive association and in the latter case it does.

This doesn't seem correct. Isn't there some impact of the symmetric passive association NOT being created in the former case?

Tx,
Mark
