pasi.ero...@nokia.com writes: > The original text in RFC 4306 was slightly confusing, but I think we > should leave room for ROHCoIPsec here. Perhaps adding something like > this after the bulleted list? > > If the Child SA negotiation includes some future IPsec protocol(s) > in addition to (or instead of) ESP or AH (e.g., ROHC_INTEG), then > (1) all keys for SAs carrying data from the initiator to the > responder are taken before SAs going in the reverse direction, and > (2) keying material for the IPsec protocols are taken in the order > in which the protocol headers will appear in the encapsulated > packet.
That looks good for me. -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec