On Wed, 27 May 2015, Stephen Farrell wrote:
> - 2.5: "hand out" is an odd phrase here - would be better to expand on that I think and say more precisely what should never be done.

How about:

OLD:

A rogue IKE peer could use malicious Traffic Selectors to obtain access to traffic that the host never intended to hand out.

NEW:

A rogue IKE peer could use malicious Traffic Selectors to trick a remote host into giving it IP traffic that the remote host never intended to be sent to remote IKE peers. For example, if the remote host uses 192.0.2.1 as DNS server, a rogue IKE peer could set its Traffic Selector to 192.0.2.1 in an attempt to receive the remote peer's DNS traffic.

Paul
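
Added example, not part of the original message or of any IKE implementation: one way a host could check a peer's proposed Traffic Selectors against local policy so that the 192.0.2.1 proposal described above is refused. The peer name, the policy table and the function name are hypothetical; selectors are simplified to CIDR prefixes, and ports and protocols are ignored.

```python
import ipaddress

# Constructed policy: prefixes each authenticated peer identity is allowed
# to claim as its own Traffic Selectors. Names and prefixes are hypothetical.
POLICY = {
    "gw.example.net": ["198.51.100.0/24"],
}


def narrow_ts(peer_id, proposed):
    """Return the part of a peer's proposed selectors that policy allows.

    An empty list means nothing is acceptable and the proposal should be
    refused (IKEv2 signals this with a TS_UNACCEPTABLE notification).
    """
    allowed = [ipaddress.ip_network(p) for p in POLICY.get(peer_id, [])]
    accepted = []
    for ts in proposed:
        net = ipaddress.ip_network(ts, strict=False)
        for a in allowed:
            if net.version != a.version:
                continue
            if net.subnet_of(a):
                hit = net          # proposal already inside policy
            elif a.subnet_of(net):
                hit = a            # over-broad proposal: narrow to policy
            else:
                continue           # disjoint: peer has no claim to this range
            if hit not in accepted:
                accepted.append(hit)
    return accepted


if __name__ == "__main__":
    # The case from the message: peer claims the host's DNS server address.
    print(narrow_ts("gw.example.net", ["192.0.2.1/32"]))
    # A legitimate sub-range, and an over-broad "everything" proposal.
    print(narrow_ts("gw.example.net", ["198.51.100.16/28"]))
    print(narrow_ts("gw.example.net", ["0.0.0.0/0"]))
```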
