Yoav Nir writes: > I think it's time to resolve this. Do we leave this as-is, or do we > cut down the applicability.
I am in favor of making the protocol simplier to implement and especially much simplier to test, and restrict the token taker and token maker roles to initiator and responder respectively. In site to site VPN case there are more efficient methods for recovery which are faster than QCD and which are already allowed in IKEv2 specification and do not require special handling from the other end. I have explained those in my previous emails: http://www.ietf.org/mail-archive/web/ipsec/current/msg06573.html http://www.ietf.org/mail-archive/web/ipsec/current/msg06579.html -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
