On Tue, 30 Apr 2019, [email protected] wrote:

Why would the initiator that is allowed by policy to do both v4 and v6
not ask for both at once?

[Med] I do fully agree that requesting both when supported would be 
straightforward, but I'm afraid that some implementations may not follow that 
behavior.

Do we currently have a large scale implementation issue, or are you
predicting that this may happen in the future? While I am okay with
doing it if it fixes a large deployment issue, I'm not okay with it
to pre-emptively support expected implementation issues.

Such implementations may do that:
* for arbitrary reasons given that existing specs do not forbid such separate 
requests.

So what is the problem with bad implementations doing bad things? Why
would this notify tell them to do things differently next time?

* or, in some contexts such as cellular devices, mimic a similar behavior for
requesting separate PDP contexts instead of a dual-stack one.

Is this actually happening at scale, or is this just a feared bad way
things will get implemented?

I don't see the "use of separate requests" as a real use case. Can you
explain how this would actually happen in the real world?

[Med] See the cases above. There is also the case of a responder that wants 
(for policy reasons) requests to be made as separate IKE SAs. For this case, 
requests will need to be done separately.

If the "policy reason" is there, why would a notify change their
behaviour? If they are already sending a v4 and a separate v6
request, what value does the notify add?

Paul

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
