< draft-nir-ike-nochild-00.txt		draft-nir-ike-nochild-01.txt >
	Network Working Group Y. Nir		Network Working Group Y. Nir
	Internet-Draft Check Point		Internet-Draft Check Point
	Intended status: Standards Track May 21, 2009		Intended status: Standards Track May 31, 2009
	Expires: November 22, 2009		Expires: December 2, 2009
	A Childless Initiation of the IKE SA		A Childless Initiation of the IKE SA
	draft-nir-ike-nochild-00		draft-nir-ike-nochild-01
	Status of this Memo		Status of this Memo
	This Internet-Draft is submitted to IETF in full conformance with the		This Internet-Draft is submitted to IETF in full conformance with the
	provisions of BCP 78 and BCP 79.		provisions of BCP 78 and BCP 79.
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF), its areas, and its working groups. Note that		Task Force (IETF), its areas, and its working groups. Note that
	other groups may also distribute working documents as Internet-		other groups may also distribute working documents as Internet-
	Drafts.		Drafts.
	skipping to change at page 1, line 32 ¶		skipping to change at page 1, line 32 ¶
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	The list of current Internet-Drafts can be accessed at		The list of current Internet-Drafts can be accessed at
	http://www.ietf.org/ietf/1id-abstracts.txt.		http://www.ietf.org/ietf/1id-abstracts.txt.
	The list of Internet-Draft Shadow Directories can be accessed at		The list of Internet-Draft Shadow Directories can be accessed at
	http://www.ietf.org/shadow.html.		http://www.ietf.org/shadow.html.
	This Internet-Draft will expire on November 22, 2009.		This Internet-Draft will expire on December 2, 2009.
	Copyright Notice		Copyright Notice
	Copyright (c) 2009 IETF Trust and the persons identified as the		Copyright (c) 2009 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents in effect on the date of		Provisions Relating to IETF Documents in effect on the date of
	publication of this document (http://trustee.ietf.org/license-info).		publication of this document (http://trustee.ietf.org/license-info).
	Please review these documents carefully, as they describe your rights		Please review these documents carefully, as they describe your rights
	skipping to change at page 4, line 19 ¶		skipping to change at page 4, line 19 ¶
	described in Section 5, if the VID payload was included in the		described in Section 5, if the VID payload was included in the
	IKE_INIT response. The initiator MUST NOT send the modified IKE_AUTH		IKE_INIT response. The initiator MUST NOT send the modified IKE_AUTH
	request if the VID was not present.		request if the VID was not present.
	A supporting responder that advertised the VID payload in the		A supporting responder that advertised the VID payload in the
	IKE_INIT response MUST process a modified IKE_AUTH request, and MUST		IKE_INIT response MUST process a modified IKE_AUTH request, and MUST
	reply with a modified IKE_AUTH response. Such a responder MUST NOT		reply with a modified IKE_AUTH response. Such a responder MUST NOT
	reply with a modified IKE_AUTH response if the initiator did not send		reply with a modified IKE_AUTH response if the initiator did not send
	a modified IKE_AUTH request.		a modified IKE_AUTH request.
			A supporting responder that has been configured not to support this
			extension to the protocol MUST behave as the same as if it didn't
			support this extension. It MUST NOT advertise the capability with a
			VID payload, and it SHOULD reply with an INVALID_SYNTAX Notify
			payload if the client sends an IKE_AUTH request that is modified as
			described in Section 5.
	4. VID Payload		4. VID Payload
	The VID payload is as described in [RFC4306] with the data as		The VID payload is as described in [RFC4306] with the data as
	follows:		follows:
	73da4b423dd9f75563b15b9f918650fc		73da4b423dd9f75563b15b9f918650fc
	This value was obtained by hashing the string "Will do IKE_AUTH		This value was obtained by hashing the string "Will do IKE_AUTH
	without child SA payloads"		without child SA payloads"
	skipping to change at page 5, line 24 ¶		skipping to change at page 5, line 24 ¶
	[V+]		[V+]
	/ --> EAP		/ --> EAP
	repeat 1..N times |		repeat 1..N times |
	\ <-- EAP		\ <-- EAP
	last request --> AUTH		last request --> AUTH
	last response <-- AUTH,		last response <-- AUTH,
	[CP(CFG_REPLY)],		[CP(CFG_REPLY)],
	[N(ADDITIONAL_TS_POSSIBLE)],
	[V+]		[V+]
	Note what is missing:		Note what is missing:
	o The optional notifications: IPCOMP_SUPPORTED, USE_TRANSPORT_MODE,		o The optional notifications: IPCOMP_SUPPORTED, USE_TRANSPORT_MODE,
	ESP_TFC_PADDING_NOT_SUPPORTED, and NON_FIRST_FRAGMENTS_ALSO.		ESP_TFC_PADDING_NOT_SUPPORTED, and NON_FIRST_FRAGMENTS_ALSO.
	o The SA payload.		o The SA payload.
	o The traffic selector payloads.		o The traffic selector payloads.
	o Any notification, extension payload or VendorID that has to do		o Any notification, extension payload or VendorID that has to do
	with child SA negotiation.		with child SA negotiation.
End of changes. 5 change blocks.
	5 lines changed or deleted		11 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/