Valery Smyslov <smyslov.i...@gmail.com> wrote:
>> > Thus, what do you want to see in the third column? "Defined in RFC
>> > 7296"/"Defined in this document"?
>>
>> You could say, "STD79", and "Section X" if you like.
> I prefer "RFC7296", as it's better known than "STD79" :-)
Yet, it's incorrect.
It fails to include the updates, and it goes stale.
It also wastes all the effort we put into bringing it to Internet Standard.
> The similarity between IKE_AUTH and GSA_AUTH is that both complete
> authenticating peers and creating IKE SA. The difference is that
> IKE_AUTH in addition creates unicast Child SA, so the set of payloads
It does?
>> > Note, that RFC 7296 includes a concept of one-way IKEv2 messages
>> (for > error notification in case no IKE SA exists).
>>
>> Fair enough, but those are inside the IKEv2 PARENT_SA, while GSA_REKEY
>> is not.
> GSA_REKEY is "inside" a multicast rekey SA (which is different from
> initial GM<->GCKS IKE SA).
I think that this new SA needs to be introduced.
I think that there need to be some diagrams.
--
Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
