Hi,
A new draft has been published regarding the use of non-traditional
traffic selectors in IPsec. This document discusses some of the
issues of relevance if one is to define new Traffic Selectors
(TS Type other than 7 and 8).
Please feel free to comment on this draft, or direct me to a mor

Hi Raj,
It sounds like you want a critical payload (RFC 4306, Sec. 2.5), probably a
payload with no data. In fact the draft could specify both options, the
current VID and such a payload, and leave it to the Initiator to decide
which behavior it prefers. Different scenarios might call for diffe

Hi Yoav,
Mostly the Initiator will decide that it wants to bring UP only IKE SA
without child SA.
But currently there is no notify/VID from Initiator to Responder to indicate
that initiator wants to bring only IKE SA. Even if responder does not
support "childless IKE_AUTH", it will process IKE_SA