Re-,

Please see inline.

Cheers,
Med

> -----Original Message-----
> From: Paul Wouters [mailto:[email protected]]
> Sent: Tuesday, 30 April 2019 15:40
> To: BOUCADAIR Mohamed TGI/OLN
> Cc: [email protected]
> Subject: RE: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes
>
> On Tue, 30 Apr 2019, [email protected] wrote:
>
> > The responder does not know if the initiator is dual-stack or not. For
> > example, an initiator can be instructed by policy to make use of separate
> > requests.
>
> Why would the initiator that is allowed by policy to do both v4 and v6
> not ask for both at once?

[Med] I do fully agree that requesting both when supported would be straightforward, but I'm afraid that some implementations may not follow that behavior. Such implementations may do that:
* for arbitrary reasons given that existing specs do not forbid such separate requests.
* or, in some contexts such as cellular devices, mimic a similar behavior for requesting separate PDP contexts instead of a dual-stack one.

FWIW, this is exactly why we use this wording in the draft:

   If the initiator is dual-stack, it MUST include both address families
   in its request (absent explicit policy/configuration otherwise).

>
> I don't see the "use of separate requests" as a real use case. Can you
> explain how this would actually happen in a real world?

[Med] See the cases above. There is also the case of a responder that wants (for policy reasons) requests to be made as separate IKE SAs. For this case, requests will need to be done separately.

>
> Paul
