I support this change.

On Wed, Feb 3, 2010 at 4:22 AM, Dan McDonald <dan...@sun.com> wrote:
> On Tue, Feb 02, 2010 at 02:49:11PM -0800, Paul Hoffman wrote:
>> In a few places in the new section 2.23.1 in IKEv2bis, it says that one
>> must have a trigger packet when starting negotiation. This assumption
>> should be removed so as not to cause new requirements in IKEv2bis: there is
>> no requirement for trigger packets in RFC 4306 or in the rest of IKEv2bis.
>
> BTW, this change makes a path to no-child-SA AUTH exchanges simpler. It's
> much simpler to have a no-child-SA creation of an IKE SA when you aren't
> initiating in the service of a triggering packet.
>
>> - "When the client starts creating the IKEv2 SA and Child SA for sending
>> traffic to the server, it has a triggering packet with source IP address of
>> IP1, and a destination IP address of IPN2" should be changed to "...it may
>> have a triggering packet...".
>
> This new text is fine.
>
>> - "The first traffic selector of TSi and TSr SHOULD have very specific
>> traffic selectors including protocol and port numbers from the packet
>> triggering the request" should be changed to "...SHOULD have very specific
>> traffic selectors including protocol and port numbers, such as from the
>> packet...".
>
> As is this new text.
>
> Dan
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec