|Main Archive Page > Month Archives > ipsec archives|
Thanks for the two editorial notes; fixed.
We want more input on the following:
At 3:28 PM +0300 9/21/09, Tero Kivinen wrote:
> > <t>NOTE FOR WG DISCUSSION: Having other payloads in the message is
>> allowed but there are none suggested. One WG member mentioned the
>> possibility of adding a DELETE payload when the error is sent in a
>> separate INFORMATIONAL exchange. Do we want to allow such additional
>> payloads that have operational semantics?</t>
>As I do not see any other reason to start new informational exchange
>when processing IKE_AUTH reply than fatal errors when creating it
>(i.e. AUTHENTICATION_FAILED) which already deletes the IKE SA, I do
>not see any benefit from adding DELETE notification to the message. It
>would be saying the same thing twice: "There was fatal error delete
>the sa, and by the way delete the sa."
--Paul Hoffman, Director