Hi Erik , Thank you for the comments.
Focusing on the second question as I already clarified the first one. The notification codes are designed so that the responder will always reply with the same values (that reflect its capabilities) and not as a function of the request. So, both codes will be returned together with the assigned address/prefix. If the initiator is still interested in the other AF, it has to follow: If a dual-stack initiator requests both an IPv6 prefix and an IPv4 address but receives an IPv6 prefix (or an IPv4 address) only with both IP4_ALLOWED and IP6_ALLOWED notification status types from the responder, the initiator MAY send a request for the other AF (i.e., IPv4 address (or IPv6 prefix)). In such case, the initiator MUST create a new IKE Security Association (SA) and request that another address family using the new IKE SA. Cheers, Med > -----Message d'origine----- > De : Erik Kline via Datatracker [mailto:nore...@ietf.org] > Envoyé : jeudi 17 décembre 2020 03:15 > À : The IESG <i...@ietf.org> > Cc : draft-ietf-ipsecme-ipv6-ipv4-co...@ietf.org; ipsecme- > cha...@ietf.org; ipsec@ietf.org; David Waltermire > <david.walterm...@nist.gov>; Yoav Nir <ynir.i...@gmail.com>; > ynir.i...@gmail.com > Objet : Erik Kline's Yes on draft-ietf-ipsecme-ipv6-ipv4-codes-05: > (with COMMENT) > > Erik Kline has entered the following ballot position for > draft-ietf-ipsecme-ipv6-ipv4-codes-05: Yes > > When responding, please keep the subject line intact and reply to > all email addresses included in the To and CC lines. (Feel free to > cut this introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss- > criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ipv6-ipv4-codes/ > > > > -------------------------------------------------------------------- > -- > COMMENT: > -------------------------------------------------------------------- > -- > > [[ comments/questions ]] > > [ section 5 ] > > * I concur with Eric V. w.r.t. MUST vs SHOULD for dualstack > initiators. > As written it seems to me like it might be overspecified. > > * I'm confused about the last entry in the table. If there's a > policy > restriction to only a single address family, are both IP4 and IP6 > _ALLOWED returned? Instead of "4,6" should this be "4|6"? > > _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
