|Main Archive Page > Month Archives > ipsec archives|
#22 - Add section on simultaneous IKE SA rekey
There was no discussion. We will bring this up one more time because it is important, but if there is not more interest and more inclination to review Tero's text, we will write a short note in the document that simultaneous IKE SA rekey is an issue but nothing else.
#26 - Missing treatment of error cases
Will use Tero's last wording as a proposed way forward. There is an open issue about what other payloads might or might not be in the error responses, so we will leave the issue open for discussion after the draft with the new wording is posted. I also copy editied the section, so it needs to be reviewed.
#28 - Obtaining src/dest IP addresses for UDP-encapsulated transport mode ESP
Added Tero's text as section 2.23.1. Changed one MUST to a MAY based on the discussion with Scott. Note that I removed any mention of RFC 3947, which is not part of IKEv2. I also heavily copy edited the section, so it needs to be reviewed.
#79 - Remove CP from Create_Child_SA?
There was no agreement on this. We should probably close out the issue unless those interested can agree on the semantics.
#107 - Sending certificate chains in IKEv2
Fixed in -05. Added "Note that with this encoding, if a chain of certificates needs to be sent, multiple CERT payloads are used, only the first of which holds the public key used to validate the sender's AUTH payload."
--Paul Hoffman, Director