> ESP isn't a tunnelling protocol... ;) You meant an ESP SA, right?

Er, yes. :)

> OTOH, what is an ESP clarification doing in IKEv2?

IIRC, there was a request at one point to allow for ESP and UDP-encap ESP to be completely interchangeable for any given packet at the discretion of the sender. Several folks, including myself, objected to the broadness of that; I vaguely recall you might have even had something to say about this in reference to IPv6. I think this text represented a compromise -- you could only send UDP-encap if you had evidence that the peer supported NAT traversal (and therefore UDP encapsulation) for this SA.

Scott Moonen (smoo...@us.ibm.com)
z/OS Communications Server TCP/IP Development
http://www.linkedin.com/in/smoonen

From: Dan McDonald <dan...@sun.com>
To: ipsec@ietf.org
Date: 01/08/2010 10:22 PM
Subject: Re: [IPsec] No UDP encapsulation with IKEv2 over port 4500?

On Fri, Jan 08, 2010 at 04:53:25PM -0500, Scott C Moonen wrote:
> Dan, I think the intent of that text was to read "non-UDP encapsulated" as
> "non-UDP encapsulated [ESP]". I.e., it is not saying you should support
> both UDP-encapsulation and vanilla UDP on port 4500; it is saying that you
> should support UDP encapsulation for an ESP tunnel even if a NAT was not
> detected for that tunnel.

ESP isn't a tunnelling protocol... ;) You meant an ESP SA, right?

OTOH, what is an ESP clarification doing in IKEv2?

> So it might be good to reword it to clarify,

Yes, it definitely would be!

Anyone else who's an actual document editor agree with Scott and me?

Dan
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec