Hi Yoav,
Hi, Valery
[no hats]
Thanks for that.
I think this demonstrates that the current document is not enough and we will
need some follow-up documents explaining when to use either case.
I don’t think it’s very useful for the controller to distribute a policy (SPD
entries)
Changed milestone "IETF Last Call on Split-DNS Configuration for IKEv2",
added draft-ietf-ipsecme-split-dns to milestone.
Changed milestone "IETF Last Call on Implicit IV in IPsec", resolved as
"Done", added draft-ietf-ipsecme-implicit-iv to milestone.
Changed milestone "IETF Last Call on partial
Comments:
* I have issues with the draft's emphasis on fixed SPI values. One reason
for the SPI value is to handle key updates cleanly; during the transition, the
SPI can be used to indicate whether the packet was encrypted with the previous
set of key or the new ones. As we really don't
Thanks Scott for the comment. I will address them tomorrow, I am just
sharing the review to the lwig list.
Yours,
Daniel
On Sun, Jul 21, 2019 at 8:17 PM Scott Fluhrer (sfluhrer)
wrote:
> Comments:
>
>
>
>- I have issues with the draft’s emphasis on fixed SPI values. One
>reason for the
