Re: [IPsec] draft-kivinen-ipsecme-esp-null-heuristics comments

2009-02-13 Thread Tero Kivinen
Bhatia, Manav (Manav) writes:
> > You gave reasons why ESP-NULL is needed, not why ESP-NULL visibility
> > is needed.
>
> One might want to filter OSPFv3 packets coming from outside the domain.

It is much better to do that check on the OSPFv3 receiver end where the packet is actually authenticat

Re: [IPsec] draft-kivinen-ipsecme-esp-null-heuristics comments

2009-02-13 Thread Bhatia, Manav (Manav)
> > > Yes, but I do not really think people are going to solve
> those using
> > > ESP-NULL. I think they must move to encrypted ESP to provide
> > > confidentiality also, and that makes the need for
> ESP-NULL visibility
> > > even less.
> >
> > I disagree. With AH as a MAY and ESP as MUST in I

Re: [IPsec] Question on RFC 4718 section 5.11.8. Collisions with IKE_SA Rekeying

2009-02-13 Thread Tero Kivinen
Keith Welter writes:
> Actually the IKE SA is open. Host A sent NO_PROPOSAL_CHOSEN because it
> received a request to rekey the IKE SA when it had a child SA in
> half-closed state. Here is the specific scenario I'm interested in:
> 1) Host A initiates rekey of a child SA.
> 2) Host B processing

Re: [IPsec] draft-kivinen-ipsecme-esp-null-heuristics comments

2009-02-13 Thread Tero Kivinen
Bhatia, Manav (Manav) writes:
> >
> > > BTW, insider threats are on the rise according to various public
> > > reports, so should not be discounted. This is one of the motivations
> > > of employing security, even within the Enterprise.
> >
> > Yes, but I do not really think people are going to s

[IPsec] Is an empty CertRequest payload valid in IKEv2?

2009-02-13 Thread Tero Kivinen
David Wierbowski writes:
> If there is no concept of an empty certificate request in IKEv2 why is the
> text in section 3.6 a SHOULD and not a MUST? It seems to me that in order
> to ensure interoperability the text in Section 3.6 should read,
> "Certificate payloads MUST be included in an exchang