On Wed, Mar 11, 2009 at 12:35:36PM -0700, Paul Hoffman wrote: > At 12:44 PM +0100 3/11/09, <pasi.ero...@nokia.com> wrote:
<SNIP!> > >Right... but if the client does not have a PAD entry for gw2's IDr, > >then the IKE negotiation will fail. (I guess we're not considering > >updating the PAD based on REDIRECTs.) <SNIP!> > Co-chair-hat off: > > Right, and we should not consider that, given the difficulty of bounding > the security considerations if we do so. I agree with Paul regardless of which hat he's wearing, but my reason for agreeing with him is more along the lines of his sans-hat look. :) Dan _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
