Valery Smyslov <smyslov.i...@gmail.com> wrote: >> > Thus, what do you want to see in the third column? "Defined in RFC >> > 7296"/"Defined in this document"? >> >> You could say, "STD79", and "Section X" if you like.
> I prefer "RFC7296", as it's better known than "STD79" :-) Yet, it's incorrect. It fails to include the updates, and it goes stale. It also wastes all the effort we put into bringing it to Internet Standard. > The similarity between IKE_AUTH and GSA_AUTH is that both complete > authenticating peers and creating IKE SA. The difference is that > IKE_AUTH in addition creates unicast Child SA, so the set of payloads It does? >> > Note, that RFC 7296 includes a concept of one-way IKEv2 messages >> (for > error notification in case no IKE SA exists). >> >> Fair enough, but those are inside the IKEv2 PARENT_SA, while GSA_REKEY >> is not. > GSA_REKEY is "inside" a multicast rekey SA (which is different from > initial GM<->GCKS IKE SA). I think that this new SA needs to be introduced. I think that there need to be some diagrams. -- Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec