0 18:53
> To: Dan McDonald; ipsec@ietf.org
> Subject: Re: [IPsec] Still incorrect understanding of PF_KEY in
> ikev2bis-08
>
> [[ This message has gotten no replies. I am far from a PF_KEY expert,
> and need to hear from the WG before proceeding. --Paul Hoffman ]]
>
> At 4:34 PM
[[ This message has gotten no replies. I am far from a PF_KEY expert, and need
to hear from the WG before proceeding. --Paul Hoffman ]]
At 4:34 PM -0500 3/2/10, Dan McDonald wrote:
>Even as of draft-08, section 2.9:
>
> When an RFC4301-compliant IPsec subsystem receives an IP packet that
> ma
Even as of draft-08, section 2.9:
When an RFC4301-compliant IPsec subsystem receives an IP packet that
matches a "protect" selector in its Security Policy Database (SPD),
the subsystem protects that packet with IPsec. When no SA exists
yet, it is the task of IKE to create it. Mainten
