[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Secure remote access with IPsec
In your previous mail you wrote:
Tero, your text looks good and I like this. I'm OK with
notification approach. I also agree with your approach
to require the routability test everytime. There are
situations where you could avoid it, but imho SHOULD
is the right keyword right now; folks that want to work
out optimized signaling sequences can do the work on their
or later to figure out in which cases you can actually
leave it out. Finally, its good to allow the notification
to be sent from either the old or the new address; the
former may make sense when you know beforehand that you
will move.
=> your position is not sound: if you allow an update for
a future movement ("Finally, ...") then the mandatory routability
check won't work.
Regards
Francis.Dupont@enst-bretagne.fr
PS: it is too soon to discuss this, the urgent stuff is to have
a good document for IKEv2 out, and we agreed to postpone the
explicit update mechanism.