Re: Contradictory language in the 2401bis draft section 4.1?
Ken Ballou wrote:
> Am I misreading the text? I believe there is contradictory text in
> section 4.1 (draft-ietf-ipsec-rfc2401bis-02.txt).
>
> On one hand, in the third full paragraph on page 10, I read:
>
> "... transport mode MAY be used between security gateways or between a
> security gateway and a host."
>
> On the other hand, in the paragraph that spans pages 11 and 12, I read:
>
> "In general, whenever either end of a security association is a security
> gateway, the SA MUST be tunnel mode."
>
> I suspect the text following this sentence (citing an example of SNMP
> commands destined to the security gateway system) clarifies this. Still,
> I wonder whether I am entirely alone in finding the text somewhat confusing.
>
> - Ken

It seems like pg 11-12 should be updated. There are some other areas,
notably Appendix B, in section B.3.1, there's a note:

> Looking at the diagram below of a security gateway tunnel (as
> mentioned elsewhere, security gateways do not use transport
> mode)...

FWIW, it might be useful if the first section (4) refs our ID
(draft-touch-ipsec-vpn-*) on this issue, perhaps as informational
(though soon we should have an RFC number, hopefully).

Joe