On Sep 19, 2020, at 01:09, Benjamin Kaduk <ka...@mit.edu> wrote:
>
> I would expect there to be some people pushing to have this be a capability
> negotiation that honors the client's preference, not the server's; the
> scenario you describe is one where the server's preference is used.
> (To be fair, I'm not following ADD much at all, though, so I could be
> wrong.)

That is not how the CP payloads work. The initiator sends a set it is okay with and the responder picks what it prefers from that set. Or an error if it deems all of it bad.

I would still prefer a single request for encrypted DNS and a reply with servers with capabilities. Asking for all these different types will be more complicated.

Paul