Yaron Sheffer writes:
> 3.5: this section is extremely liberal on what access control policies
> people can implement, but that's too late to change now. However, we CAN at
> least add a reference to RFC 4301, Sec. 4.4.3.1 (as was done in RFC 4945,
> pki4ipsec).
...
> The following new text, adapted from RFC 4945:
>
> The Peer Authorization Database (PAD) as described in RFC 4301 [XX]
> describes the use of the ID payload in IKEv2 and provides a formal model for
> the binding of identity to policy in addition to providing services that
> deal more specifically with the details of policy enforcement. The PAD is
> intended to provide a link between the SPD and the IKE security association
> management. See RFC 4301 [14], Section 4.4.3 for more details.

This paragraph looks good to me.
-- 
kivi...@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec