[IPsec] ikev2bis issue #181: Section 2.4 unclear on Child SA failing

Paul Hoffman <paul.hoffman@vpnc.org> Tue, 30 March 2010 23:59 UTC

Mime-Version: 1.0
Message-Id: <p06240807c7d83e28b337@[10.20.30.158]>
Date: Tue, 30 Mar 2010 16:59:18 -0700
To: IPsecme WG <ipsec@ietf.org>
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="us-ascii"
Subject: [IPsec] ikev2bis issue #181: Section 2.4 unclear on Child SA failing

Section 2.4 says "If Child SAs can fail independently from one another without the associated IKE SA being able to send a delete message, then they MUST be negotiated by separate IKE SAs". It is not clear what this means. Does it apply to implementations? If so, how can an implementation know whether or not the first clause is true?

I propose removing the sentence, or greatly clarifying it.