< draft-nir-ike-nochild-00.txt   draft-nir-ike-nochild-01.txt >
Network Working Group Y. Nir Network Working Group Y. Nir
Internet-Draft Check Point Internet-Draft Check Point
Intended status: Standards Track May 21, 2009 Intended status: Standards Track May 31, 2009
Expires: November 22, 2009 Expires: December 2, 2009
A Childless Initiation of the IKE SA A Childless Initiation of the IKE SA
draft-nir-ike-nochild-00 draft-nir-ike-nochild-01
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 32 skipping to change at page 1, line 32
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on November 22, 2009. This Internet-Draft will expire on December 2, 2009.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info). publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 4, line 19 skipping to change at page 4, line 19
described in Section 5, if the VID payload was included in the described in Section 5, if the VID payload was included in the
IKE_INIT response. The initiator MUST NOT send the modified IKE_AUTH IKE_INIT response. The initiator MUST NOT send the modified IKE_AUTH
request if the VID was not present. request if the VID was not present.
A supporting responder that advertised the VID payload in the A supporting responder that advertised the VID payload in the
IKE_INIT response MUST process a modified IKE_AUTH request, and MUST IKE_INIT response MUST process a modified IKE_AUTH request, and MUST
reply with a modified IKE_AUTH response. Such a responder MUST NOT reply with a modified IKE_AUTH response. Such a responder MUST NOT
reply with a modified IKE_AUTH response if the initiator did not send reply with a modified IKE_AUTH response if the initiator did not send
a modified IKE_AUTH request. a modified IKE_AUTH request.
A supporting responder that has been configured not to support this
extension to the protocol MUST behave as the same as if it didn't
support this extension. It MUST NOT advertise the capability with a
VID payload, and it SHOULD reply with an INVALID_SYNTAX Notify
payload if the client sends an IKE_AUTH request that is modified as
described in Section 5.
4. VID Payload 4. VID Payload
The VID payload is as described in [RFC4306] with the data as The VID payload is as described in [RFC4306] with the data as
follows: follows:
73da4b423dd9f75563b15b9f918650fc 73da4b423dd9f75563b15b9f918650fc
This value was obtained by hashing the string "Will do IKE_AUTH This value was obtained by hashing the string "Will do IKE_AUTH
without child SA payloads" without child SA payloads"
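Review bot: In the paragraph added for a responder "configured not to support this extension", the requirement levels do not line up: the first sentence is a MUST ("MUST behave as the same as if it didn't support this extension"), but the reply to a modified IKE_AUTH request is only a SHOULD ("SHOULD reply with an INVALID_SYNTAX Notify payload"). Either make the INVALID_SYNTAX reply a MUST, or drop the general MUST and state the two concrete requirements directly, so that an implementer knows exactly what a responder does when a modified request arrives without the VID having been advertised. The preceding paragraph already says the initiator MUST NOT send the modified request in that case, so it would help to say that this rule covers a non-compliant peer. Wording: "behave as the same as" should read "behave the same as", and "client" should be "initiator" to match the neighbouring paragraphs.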
skipping to change at page 5, line 24 skipping to change at page 5, line 24
[V+] [V+]
/ --> EAP / --> EAP
repeat 1..N times | repeat 1..N times |
\ <-- EAP \ <-- EAP
last request --> AUTH last request --> AUTH
last response <-- AUTH, last response <-- AUTH,
[CP(CFG_REPLY)], [CP(CFG_REPLY)],
[N(ADDITIONAL_TS_POSSIBLE)],
[V+] [V+]
Note what is missing: Note what is missing:
o The optional notifications: IPCOMP_SUPPORTED, USE_TRANSPORT_MODE, o The optional notifications: IPCOMP_SUPPORTED, USE_TRANSPORT_MODE,
ESP_TFC_PADDING_NOT_SUPPORTED, and NON_FIRST_FRAGMENTS_ALSO. ESP_TFC_PADDING_NOT_SUPPORTED, and NON_FIRST_FRAGMENTS_ALSO.
o The SA payload. o The SA payload.
o The traffic selector payloads. o The traffic selector payloads.
o Any notification, extension payload or VendorID that has to do o Any notification, extension payload or VendorID that has to do
with child SA negotiation. with child SA negotiation.
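Review bot: The new "[N(ADDITIONAL_TS_POSSIBLE)]," line in the last response conflicts with the "Note what is missing" list directly below it, which excludes "The traffic selector payloads" and "Any notification, extension payload or VendorID that has to do with child SA negotiation". ADDITIONAL_TS_POSSIBLE is a notification about traffic selectors, so with no TSi/TSr payloads in the exchange there is nothing for it to qualify. Either drop it from the diagram or add a sentence explaining what it means in a childless IKE_AUTH, and adjust the list so the two agree.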
 End of changes. 5 change blocks. 
5 lines changed or deleted 11 lines changed or added
