Excerpt from RFC 5996 Sec 2.9: "To enable the responder to choose the appropriate range in this case, if the initiator has requested the SA due to a data packet, the initiator SHOULD include as the first Traffic Selector in each of TSi and TSr a very specific Traffic Selector including the addresses in the packet triggering the request."
I am not sure if there is an RFC-dictated upper bound on the number of Traffic Selectors in each of TSi and TSr. Looking at the examples in the RFC, you can surely have 1 or 2 selectors. But are any more allowed? The answer obviously affects the complexity of the responder's TS narrowing algo, where a union of the incoming Traffic Selectors is an input. Thanks
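An added example, not part of the original post: a parser for the TS payload body laid out in RFC 5996 section 3.13, where "Number of TSs" is a single octet, followed by one possible responder-side narrowing that intersects every proposed selector with every policy entry. It handles only 16-octet TS_IPV4_ADDR_RANGE selectors; the function names, the policy shape and the sample selectors are assumptions made for illustration.

```python
import struct
from ipaddress import IPv4Address

TS_IPV4_ADDR_RANGE = 7  # TS Type for an IPv4 range (RFC 5996 section 3.13.1)

def ts(proto, sport, eport, start, end):
    return (proto, sport, eport, int(IPv4Address(start)), int(IPv4Address(end)))

def build(selectors):
    # Encode selectors as a TS payload body: 1-octet count, 3 octets RESERVED.
    body = struct.pack("!B3x", len(selectors))
    return body + b"".join(
        struct.pack("!BBHHHII", TS_IPV4_ADDR_RANGE, s[0], 16, *s[1:]) for s in selectors)

def parse_ts_payload(body):
    # Parse a TSi/TSr body (the part after the generic payload header).
    if len(body) < 4:
        raise ValueError("truncated TS payload")
    count, off, out = body[0], 4, []
    for _ in range(count):
        if len(body) - off < 16:
            raise ValueError("truncated selector")
        ts_type, proto, length, *rest = struct.unpack_from("!BBHHHII", body, off)
        if ts_type != TS_IPV4_ADDR_RANGE or length != 16:
            raise ValueError("only 16-octet TS_IPV4_ADDR_RANGE handled here")
        out.append((proto, *rest))
        off += 16
    if off != len(body):
        raise ValueError("trailing bytes after last selector")
    return out

def intersect(a, b):
    # Overlap of two selectors, or None. IP protocol 0 means "any".
    if a[0] and b[0] and a[0] != b[0]:
        return None
    lo_p, hi_p = max(a[1], b[1]), min(a[2], b[2])
    lo_a, hi_a = max(a[3], b[3]), min(a[4], b[4])
    if lo_p > hi_p or lo_a > hi_a:
        return None
    return (a[0] or b[0], lo_p, hi_p, lo_a, hi_a)

def narrow(proposed, policy):
    # Cost is len(proposed) * len(policy) intersections; duplicates are dropped.
    hits = (intersect(p, q) for p in proposed for q in policy)
    return list(dict.fromkeys(h for h in hits if h))

# Constructed sample: packet-specific selector first (section 2.9), then wider ones.
PROPOSED = [ts(6, 443, 443, "192.0.2.10", "192.0.2.10"),
            ts(0, 0, 65535, "192.0.2.0", "192.0.3.255"),
            ts(17, 53, 53, "198.51.100.1", "198.51.100.1")]
POLICY = [ts(0, 0, 65535, "192.0.2.0", "192.0.2.255")]
```

Because the count is one octet, the encoding can carry at most 255 selectors per payload, so a responder can bound its narrowing work by that figure times the size of its own policy list.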
