Re: [IPsec] WGLC on draft-ietf-ipsecme-qr-ikev2-04

2018-12-03 Thread Valery Smyslov
> > This message starts a working group last call (WGLC) on > > draft-ietf-ipsecme-qr-ikev2-04, which will conclude > on December 14, 2018 at UTC 23:59. Please review and provide feedback on the > -04 version > (https://datatracker.ietf.org/doc/draft-ietf-ipsecme-qr-ikev2/). Please > indicate if

Re: [IPsec] New Version Notification for draft-smyslov-ipsecme-ikev2-aux-02.txt

2018-12-03 Thread Valery Smyslov
Hi, I've submitted a new version of the draft-smyslov-ipsecme-ikev2-aux. Major changes: 1. The exchange is renamed from IKE_AUX to INTERMEDIATE (thanks Tommy!). I believe this name reflects its purpose, it's easy to pronounce and hard to mix with existing exchanges. 2. The way the exc

Re: [IPsec] New Version Notification for draft-smyslov-ipsecme-ikev2-aux-02.txt

2018-12-03 Thread Paul Wouters
On Mon, 3 Dec 2018, Valery Smyslov wrote: I've submitted a new version of the draft-smyslov-ipsecme-ikev2-aux. Major changes: 1. The exchange is renamed from IKE_AUX to INTERMEDIATE (thanks Tommy!). I believe this name reflects its purpose, it's easy to pronounce and hard to mix with e

Re: [IPsec] New Version Notification for draft-smyslov-ipsecme-ikev2-aux-02.txt

2018-12-03 Thread Valery Smyslov
> > 1. The exchange is renamed from IKE_AUX to INTERMEDIATE (thanks Tommy!). > >I believe this name reflects its purpose, it's easy to pronounce and > > hard to mix > > with existing exchanges. > > It is missing the prefix IKE_ ? As well as INFORMATIONAL and CREATE_CHILD_SA. > In my opi

[IPsec] IKE_INIT spoofing from SaudiNet and Zain Data-Jordan ?

2018-12-03 Thread Paul Wouters
Hi, I've seen reports where our software receives IKE_AUTH requests without the preceding IKE_INIT request. After some debugging, it seems that two networks, SaudiNet and Zain Data-Jordan, sometimes MITM the IKE_INIT by replying (and I guess generating an IKE SPI for the responder) and then ste

Re: [IPsec] Review of draft-ietf-i2nsf-sdn-ipsec-flow-protection-03

2018-12-03 Thread Gabriel Lopez
Hi Paul, all. Answers for section 6 inline. > On 18 Nov 2018, at 7:52, Paul Wouters wrote: > > > > Section 6.1: > > Note that the use of start and end addresses, means that this can never work > with IKEv1, that can only negotiate CIDR networks. Perhaps this should be > explicitly st