Yoav,
You are sending an informational notification, so how could you say the SA
does not exist and no delete should be sent?
If an authentication error is discovered when processing the IKE_AUTH
response then the responder thinks an IKE SA exists and the initiator intends
to delete that SA. In th
Tero,
> > Agreed. How about SHOULD, but adding "if the error occurred in the
> > response to an IKE_AUTH exchange, and in payloads related to
> > authentication. A new exchange SHOULD NOT be triggered for reporting
> > errors in child SAs, CFG, or notifications."
>
> If that error occurred dur
David Wierbowski writes:
> You are sending an informational notification, so how could you say the SA
> does not exist and no delete should be sent?
The IKE SA is NOT up and valid in the initiator. It is halfway up
as the other end has not been authenticated, and that IKE SA cannot be
used in gene
Scott C Moonen writes:
> Tero,
>
> > > Agreed. How about SHOULD, but adding "if the error occurred in the
> > > response to an IKE_AUTH exchange, and in payloads related to
> > > authentication. A new exchange SHOULD NOT be triggered for reporting
> > > errors in child SAs, CFG, or notification
> Message: 2
> Date: Sun, 6 Sep 2009 10:15:17 +0300
> From: Yoav Nir
> Subject: Re: [IPsec] Issue #26: Missing treatment of error cases
> To: "ipsec@ietf.org WG", Tero Kivinen
>
> OK. Let's try this again. Is this acceptable?
>