2401bis issues




Here's the status of current 2401bis issues, and the resolution for a few of
them:

Rejected Issue 40 ("Interface SPD selector vs. per-interface SPD")
Rationale: This seems like an implementation issue, which won't affect
           interoperability.

Issues 44 ("forwarding table lookup to select virtual interface ID") and
       45 ("use of cache with de-correlated SPD")
are still open, waiting for 2401bis draft.

Rejected issue 67 ("IPsec management traffic")
Rationale: Implementation issue; we may want to add a paragraph describing the
           kinds of traffic an implementation may want to make sure are not
           affected by the SPD (e.g., IPv6 neighbor discovery, IKE), as a
           note to implementors.

Issue 68: see follow-on email

Rejected Issue 69 ("Multiple protocols per SPD entry")
Rationale: This is covered by
           issue 47 ("all selectors can be a list of ranges, per IKEv2 spec").

Accepted issue 74 ("inbound SA lookup -- multicast & unicast")

Issue 81 ("Handling outbound red fragments"): marked as possible reject
Rationale: since we decided not to adopt issue 49 ("red-side fragmentation
           option"), it doesn't make much sense to treat red fragments in this
           way. Yell if you disagree.

Issues 82 ("Creation of SAs - clarifications")
       85 ("DROP'd inbound packet - does not match SA")
 need more discussion; our feeling for 85 is that it would be best done through
 an IKE notification.

Accepted issue 86 ("Add IPv6 mobility header message type as selector")

Issue 87 ("Permit SGs to use transport mode when they are the endpoints of the communication") will likely be accepted.

-Angelos