Section 2.23, 4th bullet:
o The recipient of either the NAT_DETECTION_SOURCE_IP or
NAT_DETECTION_DESTINATION_IP notification MAY compare the supplied
value to a SHA-1 hash of the SPIs, source or recipient IP address
(respectively), address, and port, and if they don't match, it
SHOULD enable NAT traversal. [...]
It seems that there is an extra "address". Shouldn't it be:
o The recipient of either the NAT_DETECTION_SOURCE_IP or
NAT_DETECTION_DESTINATION_IP notification MAY compare the supplied
value to a SHA-1 hash of the SPIs, source or recipient IP address and
port
(respectively), and if they don't match, it
SHOULD enable NAT traversal. [...]
or
o The recipient of either the NAT_DETECTION_SOURCE_IP or
NAT_DETECTION_DESTINATION_IP notification MAY compare the supplied
value to a SHA-1 hash of the SPIs, source or recipient (respectively)
IP address and port, and if they don't match, it
SHOULD enable NAT traversal. [...]
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec