Gandhar Gokhale writes: > Thank you Tero. It clarifies my doubt. > However, with a SHOULD clause it's not quite apparent in the RFC that > this is just an 'optimization' for IPv4. And since the RFC claims that > there is no technical reason for this not to work with IPv6 it becomes > incompatible set of statements.
I think the SHOULD clause is VERY clear that it only covers IPv4. The "IPv4" text was added there in the -08 version of the draft-ietf-ipsec-udp-encaps draft just because there was comment that checksum cannot be zero on IPv6... And NAT-T does work with IPv6, but some things are different with IPv4 and IPv6... > Now, seen in the light of optimization it makes sense to me. SHOULD > clause can be defied if there's a strong reason for it and > incompatibility of IPv6 is sufficiently strong reason to defy this > SHOULD, I suppose. There is nothing in the document saying how you should set checksum field if you are using IPv6. There is SHOULD saying that "IPv4 UDP Checksum" SHOULD be transmitted as zero. That SHOULD does not apply at all, unless you are using IPv4. Even if you are using this with IPv6, you can set the "IPv4 UDP checksum" to zero, but of course "IPv6 UDP checksum" is completely different thing, and that must be set, as defined in the IPv6 specifications. -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
