HI Paul, > On Tue, 30 Aug 2022, mohamed.boucad...@orange.com wrote: > > > This version takes into account the comments received during the WGLC, > > mainly the edits suggested by > Tommy. > > If the initiator sends multiple attributes of a particular type in > the request, all of them MUST be distinct (either be empty or > containing different suggested resolvers). > > What does it mean when multiple attributes of a particular type are > sent, where one is empty and one is not empty? I think perhaps this > text means to say either it sends one empty one, or it sends multiple > non-empty ones?
Yes (with a clarification - multiple _distinct_ non-empty ones). > Another comment on text unchanged in the latest revision that I just > noticed: > > For split-tunnel VPN configurations, the endpoint uses the > Enterprise-provided encrypted DNS resolver to resolve internal-only > domain names. > > What if one of the reasons I want a split-tunnel, is to actually use an > encrypted DNS over the VPN to protect my non-VPN traffic? This use case > is not captured in A1? It seems so. Regards, Valery. > Paul _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
