BTW, Just a quick last question, to make sure I get this right:
>>>> Oh, OK - then you would want to say that the keyID and nextkeyIDs fall >>>> under BOTH SEND/RECEIVE and the CONNECTION.MAINTENANCE section. When handing over the keyID and nextkeyIDs on SEND, this just means that these new values are valid from the time SEND was called, right? It's not tied to the specific data block that's being handed over? (I'm asking because that's a difference to SCTP, where it's possible to decide to authenticate a particular data chunk that's handed over. For TCP, this would be pretty unusual, I think, but perhaps also implementable...) Cheers, Michael _______________________________________________ Taps mailing list Taps@ietf.org https://www.ietf.org/mailman/listinfo/taps