Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

add 'question' file.

  • Loading branch information...
commit 1c1de36fbe0bcb5f403c53100285c2428c546ec3 1 parent 86684e7
sakane authored
Showing with 34 additions and 0 deletions.
  1. +34 −0 kame/kame/racoon/doc/question
View
34 kame/kame/racoon/doc/question
@@ -0,0 +1,34 @@
+$Id: question,v 1.1 2000/01/09 21:45:53 sakane Exp $
+
+HOW DO I DO ?
+o ID payload handling in phase 2 besides IPSECDOI_ID_IP*.
+ e.g. IPSECDOI_ID_DER_ASN1_DN. Well, are these used in phase 2 ?
+o What should I do when HARD expiration has come ?
+o When node has multi address, I check only destination address on phase 2.
+ Must be check both with src and dst ?
+o replay prevention
+ limited number of session
+ limited session per peer
+ number of proposal
+ ....
+o how to support multi interfaces ?
+ connect to dummy, like ping6.
+ bind multi address, like named.
+ now is former.
+o The padding for data attribute.
+o vendorid's hash algorithm
+ For aggressive mode ?.
+ In mail mode, should I use negotiated algorithm ?
+o encryption during aggressive mode.
+ when receive encrypted packet of 1st exchange from responder,
+ it can be decoded. When we are responder, should we send encrypted ?
+o packet padding ? in particular, variable attribute.
+o What is the perpose of exchange of DH attribute on quick mode ?
+o Should I do acceptable check of phase 2 pfs group ?.
+ If initiator requests PFS, should we accept without acceptable check.
+o base mode
+ 3.1. Base Mode Authenticated with Signatures
+ HDR, SA, Idii, Ni_b =>
+ Ni ???
+ <= HDR, SA, Idir, Nr_b
+ Nr ?
Please sign in to comment.
Something went wrong with that request. Please try again.