Lou Berger writes:
> Valery,
>
> How about this:
>
> OLD
> Receive-side operation of IP-TFS does not require any per-SA
> configuration on the receiver; as such, an IP-TFS implementation
> SHOULD support the option of switching to IP-TFS receive-side
> operation on receipt of the first IP-TFS payload.
>
> NEW
> Receive-side operation of IP-TFS does not require any per-SA
> configuration on the receiver; as such, for tunnels created
> without IKE, an IP-TFS implementation
> SHOULD support the option of switching to IP-TFS receive-side
> operation on receipt of the first IP-TFS payload for tunnels.
>
> I can live with MAY, but would prefer SHOULD.
>
> Does this work for you?

I have to admit that I have not read this draft, but noting that most of the ciphers we use do require automated key management like IKE, I just wonder: are you really going to be limited to 3DES, or what automated key management are you going to be using instead of IKE, and how can you guarantee that it actually does its job correctly for securing the key management over reboots etc.?
--
kivi...@iki.fi