[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Don't remove TS from IKEv2



The purpose of traffic selectors is *not* to modify the SPD, but
rather to allow policy compatibility (or lack thereof) to be
discovered sooner rather than later.

While this is completely irrelevant for centrally-provisioned VPN's,
it's extremely important for opportunistic use of IPsec between
systems under heterogenous administration.

I'd rather not see IPsec limited to VPN's, and as such strongly
support the continued presence of traffic selectors in the protocol.

				- Bill
				(a solaris ipsec implementor)