Hi Yoav,
I started by reading -01, then went back to -00. And I think the two can
be merged to create a better solution.
Including the notification as soon as the peers know they want a
handover is cleaner. So IKE_AUTH (of the new SA) is better than DELETE,
and in fact IKE_SA_INIT would be
On Aug 25, 2013, at 9:45 AM, Yaron Sheffer yaronf.i...@gmail.com wrote:
Hi Yoav,
I started by reading -01, then went back to -00. And I think the two can be
merged to create a better solution.
Including the notification as soon as the peers know they want a handover is
cleaner. So
And this would imply support for Childless, too?
Thanks,
Yaron
On 2013-08-25 13:01, Yoav Nir wrote:
Or do my other favorite thing with a support_cafr notification in the Initial
exchange, so that support indicates that you understand protocol=1 and SPI size=16.
If we ever do an
I guess, but it's still using one notification to announce another notification.
On Aug 25, 2013, at 1:08 PM, Yaron Sheffer yaronf.i...@gmail.com
wrote:
And this would imply support for Childless, too?
Thanks,
Yaron
On 2013-08-25 13:01, Yoav Nir wrote:
Or do my other favorite
Hi Yoav, Yaron,
Sorry, I disagree. This notification is concerned with both old IKE SA (as
Child SAs sponsor) and
new IKE SA (as acceptor). So, to remain in concent with RFC5996 and to
be logically consistent,
I'd suggest to make SPI field empty (and Protocol ID zero) and to move SPI
for new