On Wed, Jun 17, 2020 at 01:59:18PM -0400, Paul Wouters wrote:
> On Wed, 17 Jun 2020, Toerless Eckert wrote:
>
> > These two choices are somewhat arbitrary, i am sure some vendor
> > not following this draft will later come and complain that he
> > prefers GRE in tunnel mode or IPinIP tunnel or transport mode,
>
> Note that you cannot _require_ transport mode, as the IKEv2
> protocol only allows you to _suggest_ transport mode. The peer
> can reject that suggestion and insist the connection uses
> tunnel mode.
But we do define a profile of use of IPsec that both sides need to support
to ineroperate. So what specifically does prohibit a specificartion of such
a profile to require to support and prefer one mode over the other ?
This is a peer-to-peer communication solution, so no interop
with devices not confirming to this spec.
Cheers
Toerless
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
