Yaron Sheffer wrote: > [Sec. 3.15.1:] > > Tero: > > The text 'The requested address is valid until there are no IKE_SAs > between the peers.' is incorrect, it most likely should say 'The > requested address is valid as long as this IKE SA (or its rekeyed > successors) requesting the address is valid.' > > I.e. even if another IKE SA is created between the peers that does > not keep the address allocated in another IKE SA alive, unless it is > also allocated in that IKE SA. This is especially the case where > let's say multi user hosts do per user IKE SAs and want to allocate > IP addresses separately for each user. > > Paul: Not done. This should be discussed on the mailing list.
I think Tero is right; the scope of configuration payloads is this IKE SA *and* its continuations via rekeying. Best regards, Pasi _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
