On Sat, Oct 13, 2012 at 4:35 PM, Paul Wouters <[email protected]> wrote:
> On Fri, 12 Oct 2012, Dan Harkins wrote:
> - I'm still not a fan of narrowing, see my earlier comments on ipsecme.
>   It destroys the concept of a tunnel being "up" or "down". If you
>   insist on narrowing, clearly state what should happen for traffic
>   selectors outside the narrowed set, DROPed or ACCEPTed plaintext?
>   Related: all the IKEv2 text about meaning of the first and second TS
>   payload is missing (eg the src/dst of the trigger and the src/dst of
>   the negotiating SA). Was that intentional?

There's been some discussion of this and I don't think tunnel state is
that simple a concept even w/o SA narrowing. Quite aside from that
there are non-VPN use cases for narrowing SAs, so I'd like that to
remain.

> - Why still support AH?

Indeed, just remove AH.

> - Should compression be disallowed? Or at least NOT RECOMMENDED.

Nico
--
