Hi Ari,

On 04/10/2016 09:28 AM, Ari Keränen wrote:

3.2. Forwarding Rules and Permissions

> >
> > Permissions are not required for the connectivity checks, but if a
> > relayed address is selected to be used for data, the registered host
> > MUST send an UPDATE message [RFC7401] with a PEER_PERMISSION
> > parameter (see Section 4.2) with the address of the peer and the
> > outbound and inbound SPI values the host is using with this peer.
> >
> > PEER_PERMISSION is not a part of RFC5770, why is it introduced here?

Because that's needed for the data relay in order to have the same functionality as TURN server (c.f. PEER_PERMISSION in TURN RFC), i.e., to allow only explicitly singled peers to connect to the host via relay.

I would also suggest mentioning that PEER_PERMISSION must include a SEQ parameter to make sure that we have retransmissions (data relay sends an ACK).