On Tue, 30 Aug 2022, mohamed.boucad...@orange.com wrote:
> This version takes into account the comments received during the WGLC, mainly the edits suggested by Tommy.

   If the initiator sends multiple attributes of a particular type in the request, all of them MUST be distinct (either be empty or containing different suggested resolvers).

What does it mean when multiple attributes of a particular type are sent, where one is empty and one is not empty? I think perhaps this text means to say either it sends one empty one, or it sends multiple non-empty ones?

Another comment on text unchanged in the latest revision that I just noticed:

   For split-tunnel VPN configurations, the endpoint uses the Enterprise-provided encrypted DNS resolver to resolve internal-only domain names.

What if one of the reasons I want a split-tunnel is to actually use an encrypted DNS over the VPN to protect my non-VPN traffic? This use case is not captured in A1?

Paul