
Re: IKE attributes consistency.



Hi,

It was explicitly decided that not including non relevant attributes
MUST NOT cause rejection of an IPComp proposal.  One of the reasons for
the decision was that _no_ implementation was expecting the non relevant
attributes in an IPComp proposal. Keeping the liberal spirit alive,
receivers should quietly ignore irrelevant attributes. The decision was
posted to the ippcp and ipsec lists and later reflected in the
rfc2393bis I-D.
[...]

Why not change the quick mode consistency requirements to the
following:

   1. the sender SHOULD include a d-h group attribute in every
      transform.
   2. each occurrence of the d-h group attribute MUST have the
      same value.
   3. the receiver MUST accept the sa payload if there are no
      conflicts in the occurrences of the d-h group attribute,
      regardless of the number of occurrences of the attribute.
      Thus it is acceptable to:
          a) have no d-h group attributes => meaning: no d-h
          b) have one or more d-h group attributes in any
             transforms => use d-h group; the same d-h group
             applies to all proposals.  The receiver MUST check
             that all occurrences have the same value.
   4. if there are conflicting d-h group attributes in the proposals
      (different values) => proposal must be rejected; the receiver
      MUST check for this condition.

This is the most liberal reception guideline I can think of wrt
ike qm d-h group.

Sami
--
Sami Vaarala         /  Pygmy Projects - We make it small!
www.iki.fi/~silvere /
silvere@iki.fi     /  No matter where you go, there you are.
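
The receiver-side check proposed in rules 1-4 above, as an added example that is not part of the original message or of any IKE implementation. It assumes the SA payload has already been split into proposals, each a list of per-transform attribute byte strings in ISAKMP TV/TLV encoding, with Group Description as IPsec DOI attribute type 3 (RFC 2407); the function names and sample transforms are constructed for illustration.

```python
import struct

GROUP_DESCRIPTION = 3  # IPsec DOI attribute type (RFC 2407), a basic (TV) attribute

def tv(atype, value):
    """Encode a basic attribute: AF bit set, 15-bit type, 16-bit value."""
    return struct.pack("!HH", 0x8000 | atype, value)

def dh_groups(attrs):
    """Return every Group Description value carried in one transform."""
    groups, off = [], 0
    while off < len(attrs):
        if len(attrs) - off < 4:
            raise ValueError("truncated attribute header")
        head, field = struct.unpack_from("!HH", attrs, off)
        off += 4
        atype = head & 0x7FFF
        if head & 0x8000:                 # AF=1: 'field' is the value itself
            if atype == GROUP_DESCRIPTION:
                groups.append(field)
            continue
        if atype == GROUP_DESCRIPTION:    # AF=0: basic attributes must not be TLV
            raise ValueError("group description encoded as variable length")
        if len(attrs) - off < field:      # AF=0: 'field' is the value length
            raise ValueError("truncated attribute value")
        off += field                      # irrelevant attribute: quietly skipped
    return groups

def check_qm_dh_group(proposals):
    """Apply rules 3 and 4: return the single d-h group used by the whole
    SA payload, None when no transform carries one (no d-h), and raise
    ValueError when two occurrences disagree."""
    seen = set()
    for transforms in proposals:
        for attrs in transforms:
            seen.update(dh_groups(attrs))
    if len(seen) > 1:
        raise ValueError(f"conflicting d-h groups: {sorted(seen)}")
    return seen.pop() if seen else None

# Constructed sample transforms (not captured traffic).
ESP = (tv(1, 1) + struct.pack("!HH", 2, 4) + (28800).to_bytes(4, "big")
       + tv(GROUP_DESCRIPTION, 2) + tv(4, 1) + tv(5, 2))
IPCOMP = b""                              # IPComp transform with no attributes
ESP_G5 = tv(GROUP_DESCRIPTION, 5) + tv(5, 2)

if __name__ == "__main__":
    print(check_qm_dh_group([[ESP, IPCOMP]]))
```

Because the check counts distinct values rather than occurrences, an IPComp transform that omits the attribute is accepted alongside an ESP transform that carries it.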
