Re: Ikev2 Traffic Selector payload
From my reading of the policy database, this wouldn't happen. Bob might
narrow the choices in one of two cases:
a) his policy excludes the range of the original packet, in which
case Alice can't forward this packet to Bob no matter what she does, or
b) his policy says only a single source/destination pair allowed on any SA,
in which case he responds with notification #34-single-pair-required
Radia
****************
From: "David W. Faucher" <dfaucher@lucent.com>
Regarding draft-ietf-ipsec-ikev2-02.txt section 2.9:
"The Responder is allowed to narrow the choices
by selecting a subset of the traffic..."
How do we avoid the situation where the reduced set
does not encompass the selectors of the original packet
on the initiator which started the negotiation?
David
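
Added example, not part of either message: a simplified model of the narrowing discussed in this thread, assuming the responder returns the intersection of the proposed range with its own policy and looking only at destination address ranges. The function names and sample addresses are constructed; the notification number 34 is the one quoted in the reply.

```python
import ipaddress

SINGLE_PAIR_REQUIRED = 34  # notification number quoted in the reply above

def to_range(cidr):
    """CIDR string -> inclusive (low, high) integer range."""
    net = ipaddress.ip_network(cidr)
    return int(net[0]), int(net[-1])

def intersect(a, b):
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def covers(ranges, addr):
    a = int(ipaddress.ip_address(addr))
    return any(lo <= a <= hi for lo, hi in ranges)

def narrow(proposal, policy, single_pair_only=False):
    """Responder side (assumed model): intersect the proposal with local policy."""
    if single_pair_only and proposal[0] != proposal[1]:
        return "notify", SINGLE_PAIR_REQUIRED            # case (b) in the reply
    kept = [r for r in (intersect(proposal, p) for p in policy) if r]
    return ("accept", kept) if kept else ("reject", None)

def check(proposal_cidr, policy_cidrs, packet_dst, single_pair_only=False):
    """Initiator side: does the narrowed set still cover the triggering packet?"""
    proposal = to_range(proposal_cidr)
    policy = [to_range(c) for c in policy_cidrs]
    verdict, value = narrow(proposal, policy, single_pair_only)
    if verdict != "accept":
        return verdict, value
    if covers(value, packet_dst):
        return "covered", value
    # The packet lies inside the proposal, so it can only fall outside the
    # intersection when the responder's policy itself excludes it: case (a).
    assert not covers(policy, packet_dst)
    return "packet-excluded-by-policy", value

if __name__ == "__main__":
    # Constructed sample values.
    print(check("10.0.0.0/8", ["10.1.0.0/16"], "10.1.2.3"))
    print(check("10.0.0.0/8", ["10.1.0.0/16"], "10.2.0.1"))
    print(check("10.0.0.0/8", ["10.0.0.0/8"], "10.2.0.1", single_pair_only=True))
```

Under this model the narrowed set drops the triggering packet only when the responder's policy would have refused that packet anyway; a responder that picks an arbitrary smaller subset is outside what the model covers.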