List:       ipsec
Subject:    IKEv2 INFO exchange question???
From:       Tom Hu <tomhu () cisco ! com>
Date:       2003-08-18 20:19:24

Hi all,

I have a question regarding the INFO exchange.

If the responder receives an AUTH payload with a piggyback SA, and the
responder finds a bad SA (or TS), it looks like the AUTH with
N (notification) is the only choice for the responder to notify the
Initiator. If not, and the responder sends an INFO notify instead, the
Initiator cannot handle this notification because the initiator has
not authenticated the responder yet. Is this a correct statement?

The draft says the INFO exchange must occur only after the
initial exchange (after the 4th message), no matter whether it is a
piggyback exchange or not. The only exception is that the "Invalid SPI"
notification can be sent in any state when you have lost track of the
SA. Is there any other exception?

Thanks,

Tom Hu
