Daniel Palomares writes: > So, would you think it is a good idea to add this information to the draft (I > mean the new requirements when IKE_SAs and IPsec_SAs are on separated nodes)? > ... Or instead, would you think it would be good to ignore how applications > are managing their IPsec_SAs and IKE_SAs and just delete the sentence " Note > that IKEv2 and IPsec session do not need to be on the same node as IKEv2 and > IPsec context are different".
We definately need to add text explaining the situation, as it is important that implementors understand the RFC5996 requirement. > We could also just mention that we wish to make clear that there are > parameters related to the IKE_SA and others for the IPsec_SA. -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
