[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
2401bis issues
Here's the status of current 2401bis issues, and the resolution for a few of
them:
Rejected Issue 40 ("Interface SPD selector vs. per-interface SPD")
Rationale: This seems like an implementation issue, which won't affect
interoperability.
Issues 44 ("forwarding table lookup to select virtual interface ID") and
45 ("use of cache with de-correlated SPD")
are still open, waiting for 2401bis draft.
Rejected issue 67 ("IPsec management traffic")
Rationale: Implementation issue; we may want to add a paragraph describing the
kinds of traffic an implementation may want to make sure are not
affected by the SPD (e.g., IPv6 neighbor discovery, IKE), as a
note to implementors.
Issue 68: see follow-on email
Rejected Issue 69 ("Multiple protocols per SPD entry")
Rationale: This is covered by
issue 47 ("all selectors can be a list of ranges, per IKEv2 spec").
Accepted issue 74 ("inbound SA lookup -- multicast & unicast")
Issue 81 ("Handling outbound red fragments"): marked as possible reject
Rationale: since we decided not to adopt issue 49 ("red-side fragmentation
option"), it doesn't make much sense to treat red fragments in this
way. Yell if you disagree.
Issues 82 ("Creation of SAs - clarifications")
85 ("DROP'd inbound packet - does not match SA")
need more discussion; our feeling for 85 is that it would be best done through
an IKE notification.
Accepted issue 86 ("Add IPv6 mobility header message type as selector")
Issue 87 ("Permit SGs to use transport mode when they are the endpoints of the communication") will likely be accepted.
-Angelos