Hi Paul, > On Wed, 6 Sep 2023, Antony Antony wrote: > > > Here is a proposed text for the I-D. > > > > "Upon completing an IKE negotiation, an IPsec peer wishing to ascertain the > > viability of the path for ESP packets MAY initiate an ESP Echo Request > > I would change this to: > > "After completing an IKE negotiation, an IPsec peer wishing to verify > the viability of the current network path for ESP packets MAY initiate > an ESP Echo Request" > > As in, you can do it immediately after the IKE SA is established, or at > any time later as well.
Completing IKE negotiation doesn't always mean that IPsec SAs are created. (e.g., in case of childless IKE or non-fatal error in creating Child SAs). More accurate text is needed. Regards, Valery. > Paul > > _______________________________________________ > IPsec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
