Re: [IPsec] Use of IKE to obtain address of home agent

To: "Hui Deng" <denghui02 at gmail.com>
Subject: Re: [IPsec] Use of IKE to obtain address of home agent
From: Tero Kivinen <kivinen at iki.fi>
Date: Mon, 22 Sep 2008 17:06:02 +0300
Cc: Christian.Kaas-Petersen at tietoenator.com, ipsec at ietf.org
Delivered-to: ietfarch-ipsec-web-archive at core3.amsl.com
Delivered-to: ipsec at core3.amsl.com
In-reply-to: <1d38a3350809200459m3f9d0216k30377fb443fb51f6 at mail.gmail.com>
List-archive: <http://www.ietf.org/pipermail/ipsec>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: Discussion of IPsec protocols <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
References: <D3CFEF84287B46408A7F0405EE7C5457014F7BAA at corvette.eu.tieto.com> <18642.12494.564286.298618 at fireball.kivinen.iki.fi> <1d38a3350809200459m3f9d0216k30377fb443fb51f6 at mail.gmail.com>
Sender: ipsec-bounces at ietf.org

Hui Deng writes:
> ==> I can't imagine the issue if we include two payloads even without an
> transaction ID here. could you help to elaborate more, bascially, I assume
> there are consecutively ordered.

There is nothing in the current documents that says that the reply
payloads inside the reply packet must be in same order the request
payloads were in the request packet. Thus complient implementation
would be allowed to reorder them if they want to. Thus the initiator
receiving the reply cannot know which reply payloads was reply to
which request payload. Complient recipient can also remove some of the
requested attributes, and add new ones, so detecting things from the
attributes might not be possible. We could add such text to IKEv2bis,
but I think it is better not to add multiple configuration payloads to
one packet.
-- 
kivinen at safenet-inc.com
_______________________________________________
IPsec mailing list
IPsec at ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Follow-Ups:
- Re: [IPsec] Use of IKE to obtain address of home agent
  - From: Hui Deng

References:
- [IPsec] Use of IKE to obtain address of home agent
  - From: Christian.Kaas-Petersen
- [IPsec] Use of IKE to obtain address of home agent
  - From: Tero Kivinen
- Re: [IPsec] Use of IKE to obtain address of home agent
  - From: Hui Deng

Prev by Date: Re: [IPsec] Secure Crash Discovery for IKEv2
Next by Date: Re: [IPsec] Secure Crash Discovery for IKEv2
Previous by thread: Re: [IPsec] Use of IKE to obtain address of home agent
Next by thread: Re: [IPsec] Use of IKE to obtain address of home agent
Index(es):
- Date
- Thread

Re: [IPsec] Use of IKE to obtain address of home agent

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.