Valery Smyslov writes:
> > So do you think it would be appropriate to mandate these matching rules in
> > rfc5996bis, or should this be left to AD-VPN solutions. IOW, is such a
> > standard rule needed for generic IKE/IPsec?
>
> It's definitely worth to mention these rules in RFC5996bis, or at least
> point to the RFC4945.

I think adding a pointer could be useful, I do not think we should go into any kind of details about those. Also the RFC4945 is just one profile document, there can also be others. For example some big enterprise or government might create their own profile setting a different set of rules, and require the implementations they buy to conform to that profile. Most of this is just what kind of policy setups and configurations can be done on the implementation, it does not affect the bits on the wire.
--
[email protected]
