Valery Smyslov <[email protected]> writes:
If there really is no way to work around this, I suppose we just require retransmissions of CC info reports until they are ACKd or things are torn down b/c of drops (i.e., normal INFO exchange). It does feel like we are adding fragility here that isn’t really needed though. It makes the functioning of the unidirectional tunnel depend more heavily on the reverse direction traffic working when that isn’t actually needed for the tunnel to operate.Yes, don't break IKE core things.
I was hoping there would be an openness to possible improvements, and wasn't looking to just break well established protocols. An earlier mail from Paul made it sound like other use-cases have wanted for expanded functionality as well. This isn't a blocker for this work, so if other people agree that it's not worth trying to improve IKE to support this use case, we can just conform rather than try to improve things. Thanks, Chris.
Regards, Valery.Thanks, Chris.
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
