[Swan-dev] ikev2parent_inI1outR1 parsing questions

Paul Wouters paul at nohats.ca
Thu Jan 21 22:24:29 UTC 2016


On Thu, 21 Jan 2016, Andrew Cagney wrote:

> That, fortunately, is beyond the scope of what I'm changing.

:)

> Yes.  For instance, given:
>
> - initiator proposes KE=1500 MODP=1500 2000
> - responder has MODP=4000,2000
>
> then if the responder sends back INVALID_KE(4000) (its default),
> instead of INVALID_KE(2000) (from matching proposal), then the
> initiator is going to drop that response on the floor and an interop
> that should work won't.

We should never send back a KE value along with INVALID_KE that the
originator did not propose - unless maybe only when there is no
overlap between initiator and responder groups, so that at least
the initiator knows what to add to their proposal next time.

Paul
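
The group selection discussed in this thread, sketched as an added example; it is not part of the original message and not libreswan's code. The helper names, the enum, and the rule that the responder's preference order decides are assumptions. Group numbers are plain integers, as in the thread's illustration (1500, 2000, 4000).

```c
#include <stddef.h>

/* Outcome of the responder's check of an IKE_SA_INIT request. */
enum ke_verdict { KE_ACCEPT, KE_INVALID, KE_NO_OVERLAP };

struct ke_result {
    enum ke_verdict verdict;
    int group; /* group to use or to suggest; 0 when there is no overlap */
};

static int contains(const int *set, size_t n, int g)
{
    for (size_t i = 0; i < n; i++)
        if (set[i] == g)
            return 1;
    return 0;
}

/*
 * Responder side (hypothetical helper): take the first group in the
 * responder's preference order that the initiator also proposed.
 * If the KE payload already uses it, accept; otherwise suggest it via
 * INVALID_KE. A group the initiator did not propose is never suggested;
 * what to send when nothing overlaps is left to the caller's policy.
 */
struct ke_result responder_check_ke(const int *proposed, size_t np,
                                    int ke_group,
                                    const int *local, size_t nl)
{
    struct ke_result r = { KE_NO_OVERLAP, 0 };
    for (size_t i = 0; i < nl; i++) {
        if (contains(proposed, np, local[i])) {
            r.group = local[i];
            r.verdict = (ke_group == local[i]) ? KE_ACCEPT : KE_INVALID;
            return r;
        }
    }
    return r;
}

/*
 * Initiator side (hypothetical helper): an INVALID_KE suggestion is usable
 * only if it names a group from the initiator's own proposal and differs
 * from the KE group already sent; anything else is dropped.
 */
int initiator_accepts_suggestion(const int *proposed, size_t np,
                                 int ke_group, int suggested)
{
    return suggested != ke_group && contains(proposed, np, suggested);
}
```
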

