--------------------
Pasi Eronen (2005-08-04):

It might be a good idea to move the MOBIKE_SUPPORTED payload from its current place (IKE_SA_INIT) to IKE_AUTH. This would allow per-user policy on whether use of MOBIKE is allowed or not, and it would help in fragmentation concerns (fragmenting IKE_SA_INIT is bad, fragmenting other messages less so).

There don't seem to be any good reasons not to do this (we don't seem to have any functionality that would need to know about MOBIKE already in IKE_SA_INIT phase).

Several people supported this change in the meeting (and nobody opposed it), so unless anyone on the mailing list objects, I'll move the payload to IKE_AUTH in version -02 (in case of multiple IKE_AUTH exchanges, the messages containing the SA payloads, like most other things).

--------------------
IETF63 MOBIKE WG minutes:

37: Move MOBIKE supported notification from IKEv2_SA_INIT to AUTH exchange

Allows per user policy about whether MOBIKE is allowed

Hannes: less fragmentation risk if added to AUTH

Jari A: Clarification req:

Tero: Can't fragment the first packet, because can't do stateless IKEv2 exchange. Let's keep IKEv2_SA_INIT packet very small and allow the stateless feature to be continued to be supported. NAT-T may make the notification even larger.

Seems like there is consensus on this.

--------------------
Jari Arkko (2005-08-15):

Issue 37: Move MOBIKE supported notification from IKEv2_SA_INIT to AUTH exchange. Lessens the fragmentation problem, and allows also per-use mobike usage policy.

--------------------
Tero Kivinen (2005-08-23):

Moving the notification solves the issue 35, so I think we should move the notifications.

--------------------