In a few places in the new section 2.23.1 in IKEv2bis, it says that one must have a trigger packet when starting negotiation. This assumption should be removed so as not to cause new requirements in IKEv2bis: there is no requirement for trigger packets in RFC 4306 or in the rest of IKEv2bis.
- "When the client starts creating the IKEv2 SA and Child SA for sending traffic to the server, it has a triggering packet with source IP address of IP1, and a destination IP address of IPN2" should be changed to "...it may have a triggering packet...". - "The first traffic selector of TSi and TSr SHOULD have very specific traffic selectors including protocol and port numbers from the packet triggering the request" should be changed to "...SHOULD have very specific traffic selectors including protocol and port numbers, such as from the packet...". - The same change is made in the third bullet of the client list near the end of the section. --Paul Hoffman, Director --VPN Consortium _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec