Paul Wouters <p...@nohats.ca> wrote:
>> These two choices are somewhat arbitrary, I am sure some vendor
>> not following this draft will later come and complain that he
>> prefers GRE in tunnel mode or IPinIP tunnel or transport mode,

> Note that you cannot _require_ transport mode, as the IKEv2
> protocol only allows you to _suggest_ transport mode. The peer
> can reject that suggestion and insist the connection uses
> tunnel mode.

I don't agree.

The IPsec WG does not mandate transport mode in order to be compliant to RFC4301 and RFC7296.

If I ask for transport mode, and the other end does not agree to do it, I can certainly drop the negotiation. The ANIMA WG *can* write a stronger requirement, because that does not contradict RFC7296.

We can't make something optional that IPsec requires, (such as ESP without authentication, or other dumb thing).

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
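The initiator-side check discussed in the message above, as an added example that is not part of the original thread or of any IKE implementation: it walks the decrypted payload chain of a response and applies a local "transport mode or drop" policy. The payload type 41 (Notify) and notify type 16391 (USE_TRANSPORT_MODE) are from RFC 7296; the function names, decision strings and sample byte strings are constructed for illustration.

```python
import struct

NOTIFY_PAYLOAD = 41          # RFC 7296 payload type "Notify"
USE_TRANSPORT_MODE = 16391   # RFC 7296 notify status type

def payload(next_payload, body):
    """Encode a generic IKEv2 payload: next type, flags, length, body."""
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body

def notify(next_payload, msg_type):
    """Encode a Notify payload with protocol ID 0 and no SPI or data."""
    return payload(next_payload, struct.pack("!BBH", 0, 0, msg_type))

def notify_types(first_payload, buf):
    """Walk a decrypted payload chain; return the Notify message types seen."""
    seen, ptype, off = [], first_payload, 0
    while ptype != 0:
        if off + 4 > len(buf):
            raise ValueError("truncated payload header")
        nxt, _flags, length = struct.unpack_from("!BBH", buf, off)
        if length < 4 or off + length > len(buf):
            raise ValueError("bad payload length")
        if ptype == NOTIFY_PAYLOAD:
            if length < 8:
                raise ValueError("short Notify payload")
            _proto, _spi_size, msg_type = struct.unpack_from("!BBH", buf, off + 4)
            seen.append(msg_type)
        ptype, off = nxt, off + length
    return seen

def initiator_decision(require_transport, first_payload, response):
    """Hypothetical local policy for an initiator that asked for transport mode."""
    if USE_TRANSPORT_MODE in notify_types(first_payload, response):
        return "install-transport"      # responder echoed the notify
    # Responder declined: the Child SA would come up in tunnel mode.
    return "delete-child-sa" if require_transport else "install-tunnel"

# Constructed samples: a stub SA payload (type 33) with a 4-byte dummy body,
# followed (or not) by the responder's USE_TRANSPORT_MODE notify.
SA = 33
ACCEPTED = payload(NOTIFY_PAYLOAD, b"\x00" * 4) + notify(0, USE_TRANSPORT_MODE)
DECLINED = payload(0, b"\x00" * 4)

if __name__ == "__main__":
    for name, resp in (("accepted", ACCEPTED), ("declined", DECLINED)):
        print(name, initiator_decision(True, SA, resp))
```
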