On Thu, 12 Dec 2019, Russ Housley wrote:
If the initiator wants to use labels but the responder does not support labels, will the initiator move forward anyway? Doing so would seem surprising to me. The point of the label is to indicate what handling is needed to adequately protect the data. Moving forward without the responder agreeing to that handling seems unlikely to me. Are there situations where moving forward is "the right thing"?
I don't think anyone has come up with a real use case where the security labels are optional.
If not, then Option 1 makes the most sense to me.
noted. Paul _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
