Paul Wouters <[email protected]> wrote:
>> These two choices are somewhat arbitrary, I am sure some vendor
>> not following this draft will later come and complain that he
>> prefers GRE in tunnel mode or IPinIP tunnel or transport mode,
> Note that you cannot _require_ transport mode, as the IKEv2
> protocol only allows you to _suggest_ transport mode. The peer
> can reject that suggestion and insist the connection uses
> tunnel mode.
I don't agree.
The IPsec WG does not mandate transport mode in order to be compliant to
RFC4301 and RFC7296.
If I ask for transport mode, and the other end does not agree to do it, I can
certainly drop the negotiation.
The ANIMA WG *can* write a stronger requirement, because that does not
contradict RFC7296. We can't make something optional that IPsec requires,
(such as ESP without authentication, or other dumb thing).
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
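
The initiator-side check discussed in this thread, as an added example that is not part of either message: RFC 7296 has the responder echo a USE_TRANSPORT_MODE notification when it accepts transport mode, so an initiator whose policy requires transport mode can look for that notification in the reply and delete the Child SA when it is missing. The function names and the sample replies are constructed for illustration, and the input is assumed to be the already-decrypted payload chain of the responder's reply.

```python
import struct

NOTIFY = 41                  # IKEv2 payload type "N" (RFC 7296)
USE_TRANSPORT_MODE = 16391   # Notify message type (RFC 7296)
SA = 33                      # IKEv2 payload type "SA"

def notify_types(first_type, data):
    """Walk a decrypted IKEv2 payload chain and return its Notify message types."""
    found, ptype, off = [], first_type, 0
    while ptype != 0:
        if off + 4 > len(data):
            raise ValueError("truncated payload header")
        # Generic payload header: next payload, flags, payload length
        nxt, _flags, length = struct.unpack_from("!BBH", data, off)
        if length < 4 or off + length > len(data):
            raise ValueError("bad payload length")
        if ptype == NOTIFY:
            if length < 8:
                raise ValueError("short Notify payload")
            # Notify body: protocol ID (1), SPI size (1), message type (2), ...
            found.append(struct.unpack_from("!H", data, off + 6)[0])
        ptype, off = nxt, off + length
    return found

def child_sa_decision(require_transport, first_type, reply):
    """Hypothetical local policy applied after proposing USE_TRANSPORT_MODE."""
    if USE_TRANSPORT_MODE in notify_types(first_type, reply):
        return "keep: transport mode"
    if require_transport:
        # Peer fell back to tunnel mode; local policy refuses it.
        return "delete: tunnel mode not acceptable"
    return "keep: tunnel mode"

def payload(next_type, body):
    """Build one payload (constructed test data only)."""
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body

# Constructed replies: a placeholder SA payload, with and without the notify.
ACCEPTED = payload(NOTIFY, b"\x00" * 4) + payload(
    0, struct.pack("!BBH", 0, 0, USE_TRANSPORT_MODE))
DECLINED = payload(0, b"\x00" * 4)

if __name__ == "__main__":
    for name, reply in (("accepted", ACCEPTED), ("declined", DECLINED)):
        print(name, "->", child_sa_decision(True, SA, reply))
```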
