The draft says:

   After this address substitution, both the traffic selectors and the
   IKE UDP source/destination addresses look the same, and the server
   does SPD lookup based on those new traffic selectors. If an entry is
   found and it allows transport mode, then that entry is used. If an
   entry is found but it does not allow transport mode, then the server
   MAY undo the address substitution and redo the SPD lookup using the
   original traffic selectors. . . .

and then later on it says:

   For the responder, when transport mode is proposed by client:
   . . .
   - If no SPD entry was found, or if found SPD entry does not
     allow transport mode, undo the traffic selector substitutions.
     Do PAD and SPD lookup again using the ID and original traffic
     selectors, but also searching for tunnel mode SPD entry (that
     is, fall back to tunnel mode).

Because of the MAY in the first paragraph, I suggest that we reword the
second quote. Perhaps we can simply say "optionally undo".

Scott Moonen (smoo...@us.ibm.com)
z/OS Communications Server TCP/IP Development
http://www.linkedin.com/in/smoonen
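
Added example (not part of the original message or of the draft): a Python model of the responder logic in the two quoted passages, with the undo step controlled by a flag so the effect of the MAY is visible. The names SpdEntry, spd_lookup, responder_select and all addresses are assumptions made for illustration, and the PAD lookup is left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class SpdEntry:            # hypothetical, minimal SPD entry
    remote: str            # selector for the initiator side (CIDR)
    local: str             # selector for the responder side (CIDR)
    transport_ok: bool
    tunnel_ok: bool

def spd_lookup(spd, ts_i, ts_r):
    """Return the first entry covering both traffic selector addresses."""
    for e in spd:
        if (ip_address(ts_i) in ip_network(e.remote)
                and ip_address(ts_r) in ip_network(e.local)):
            return e
    return None

def responder_select(spd, ts_i, ts_r, ike_src, ike_dst, undo=True):
    """Handle a transport-mode proposal; return (mode, ts_i, ts_r) or None."""
    # Address substitution: selectors become the IKE UDP source/destination.
    entry = spd_lookup(spd, ike_src, ike_dst)
    if entry and entry.transport_ok:
        return ("transport", ike_src, ike_dst)
    if not undo:           # the MAY: a server may decline to undo
        return None
    # Undo the substitution and redo the lookup with the original selectors,
    # now accepting a tunnel-mode entry (fall back to tunnel mode).
    entry = spd_lookup(spd, ts_i, ts_r)
    if entry and entry.tunnel_ok:
        return ("tunnel", ts_i, ts_r)
    return None

# Constructed sample: client 10.0.0.5 behind a NAT at 203.0.113.7,
# server at 198.51.100.1 (documentation address ranges).
CLIENT, NAT, SERVER = "10.0.0.5", "203.0.113.7", "198.51.100.1"
SPD_TRANSPORT = [SpdEntry("203.0.113.0/24", "198.51.100.1/32", True, False)]
SPD_TUNNEL = [SpdEntry("10.0.0.0/24", "198.51.100.1/32", False, True)]

if __name__ == "__main__":
    print(responder_select(SPD_TRANSPORT, CLIENT, SERVER, NAT, SERVER))
    print(responder_select(SPD_TUNNEL, CLIENT, SERVER, NAT, SERVER))
    print(responder_select(SPD_TUNNEL, CLIENT, SERVER, NAT, SERVER, undo=False))
```

With the same SPD and the same proposal, the outcome differs only by the undo flag, which is the behaviour the two quoted passages describe inconsistently.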