Me too, but the draft still requires *some* selectors, so the childless draft is still needed.
-----Original Message----- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Raj Singh Sent: Wednesday, February 03, 2010 5:25 AM To: Dan McDonald Cc: IPsecme WG; Paul Hoffman Subject: Re: [IPsec] Issue #173: Trigger packets should not be required I support this change. On Wed, Feb 3, 2010 at 4:22 AM, Dan McDonald <dan...@sun.com> wrote: > On Tue, Feb 02, 2010 at 02:49:11PM -0800, Paul Hoffman wrote: >> In a few places in the new section 2.23.1 in IKEv2bis, it says that one >> must have a trigger packet when starting negotiation. This assumption >> should be removed so as not to cause new requirements in IKEv2bis: there is >> no requirement for trigger packets in RFC 4306 or in the rest of IKEv2bis. > > BTW, this change makes a path to no-child-SA AUTH exchanges simpler. It's > much simpler to have a no-child-SA creation of an IKE SA when you aren't > initiating in the service of a triggering packet. > >> - "When the client starts creating the IKEv2 SA and Child SA for sending >> traffic to the server, it has a triggering packet with source IP address of >> IP1, and a destination IP address of IPN2" should be changed to "...it may >> have a triggering packet...". > > This new text is fine. > >> - "The first traffic selector of TSi and TSr SHOULD have very specific >> traffic selectors including protocol and port numbers from the packet >> triggering the request" should be changed to "...SHOULD have very specific >> traffic selectors including protocol and port numbers, such as from the >> packet...". > > As is this new text. > > Dan > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec > _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
