Re: [IPsec] Use of IKE to obtain address of home agent
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [IPsec] Use of IKE to obtain address of home agent
thanks for your kind help to make it clarified.
-Hui
2008/9/22 Tero Kivinen <kivinen at iki.fi>
> Hui Deng writes:
> > ==> I can't imagine the issue if we include two payloads even without an
> > transaction ID here. could you help to elaborate more, bascially, I
> assume
> > thereFrom ipsec-bounces at ietf.org Tue Sep 23 08:02:49 2008
Return-Path: <ipsec-bounces at ietf.org>
X-Original-To: ipsec-archive at megatron.ietf.org
Delivered-To: ietfarch-ipsec-archive at core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
by core3.amsl.com (Postfix) with ESMTP id B627F3A6A5D;
Tue, 23 Sep 2008 08:02:49 -0700 (PDT)
X-Original-To: ipsec at core3.amsl.com
Delivered-To: ipsec at core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
by core3.amsl.com (Postfix) with ESMTP id CCB283A6A5D
for <ipsec at core3.amsl.com>; Tue, 23 Sep 2008 08:02:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5
tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32])
by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Je4f5aX+Yi43 for <ipsec at core3.amsl.com>;
Tue, 23 Sep 2008 08:02:48 -0700 (PDT)
Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.27])
by core3.amsl.com (Postfix) with ESMTP id A423B3A6B8F
for <ipsec at ietf.org>; Tue, 23 Sep 2008 08:02:47 -0700 (PDT)
Received: by ey-out-2122.google.com with SMTP id 9so704962eyd.31
for <ipsec at ietf.org>; Tue, 23 Sep 2008 08:02:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=domainkey-signature:received:received:message-id:date:from:to
:subject:cc:in-reply-to:mime-version:content-type:references;
bh=pjRBuM1pf2mo3AqnsQO8K8+ukgqOy8x5zxqO6ACLHc4=;
b=PwIFE8CVMaaKerlI6Skh48CYEMtxYUcWExSDhaG2kSnahkWICA+KH4EKj6oLP82uKf
ArEQhQoIoLj5zNpk1lODlYj6JT2GTe2Lgd1esnpnCLE2LyjUCYZ8CrpRrxQqFHjz3Ubo
J2mgxpsY4eMO1xkDPkQWoVUO1wzodYeFNgR6c=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
h=message-id:date:from:to:subject:cc:in-reply-to:mime-version
:content-type:references;
b=iZ/EKiKlm7qdpU7QU0x+YnsJF39d+f21c7Owkmzb3Ho8Dg7MUcxpLirzShuS7PoG1/
AMVhHMJV+qWbpWlGINcFhnalj8XT42J/41PsUYzd6rXF7Mjc7xi7B7D8D1J0rH3k3RCc
Ov3m/JffOcqArJPvB0Fh9BtcLVmFdUEyYv8hU=
Received: by 10.210.133.2 with SMTP id g2mr6784679ebd.68.1222182169319;
Tue, 23 Sep 2008 08:02:49 -0700 (PDT)
Received: by 10.210.115.8 with HTTP; Tue, 23 Sep 2008 08:02:49 -0700 (PDT)
Message-ID: <1d38a3350809230802x3eef360am6a75f898d8efe7f6 at mail.gmail.com>
Date: Tue, 23 Sep 2008 23:02:49 +0800
From: "Hui Deng" <denghui02 at gmail.com>
To: "Tero Kivinen" <kivinen at iki.fi>
In-Reply-To: <18647.42570.766912.651368 at fireball.kivinen.iki.fi>
MIME-Version: 1.0
References: <D3CFEF84287B46408A7F0405EE7C5457014F7BAA at corvette.eu.tieto.com>
<18642.12494.564286.298618 at fireball.kivinen.iki.fi>
<1d38a3350809200459m3f9d0216k30377fb443fb51f6 at mail.gmail.com>
<18647.42570.766912.651368 at fireball.kivinen.iki.fi>
Cc: Christian.Kaas-Petersen at tietoenator.com, ipsec at ietf.org
Subject: Re: [IPsec] Use of IKE to obtain address of home agent
X-BeenThere: ipsec at ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>,
<mailto:ipsec-request at ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/ipsec>
List-Post: <mailto:ipsec at ietf.org>
List-Help: <mailto:ipsec-request at ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>,
<mailto:ipsec-request at ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0359725274=="
Sender: ipsec-bounces at ietf.org
Errors-To: ipsec-bounces at ietf.org
thanks for your kind help to make it clarified.
-Hui
2008/9/22 Tero Kivinen
<kivinen at iki.fi>
Hui Deng writes:
> ==> I can't imagine the issue if we include two payloads even without an
> transaction ID here. could you help to elaborate more, bascially, I assume
> there are consecutively ordered.
There is nothing in the current documents that says that the reply
payloads inside the reply packet must be in same order the request
payloads were in the request packet. Thus complient implementation
would be allowed to reorder them if they want to. Thus the initiator
receiving the reply cannot know which reply payloads was reply to
which request payload. Complient recipient can also remove some of the
requested attributes, and add new ones, so detecting things from the
attributes might not be possible. We could add such text to IKEv2bis,
but I think it is better not to add multiple configuration payloads to
one packet.
--
kivinen at safenet-inc.com
_______________________________________________
IPsec mailing list
IPsec at ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
