First of all my apologies for letting -00 to expire, I'm working on -01 but failed to submit in time...partially due to an issue described below..
On Tue, Jan 23, 2024 at 10:10 PM Michael Richardson <[email protected]> wrote: > While the whole point of the SPI7/8 mechanism is that it can be operated > completely without IKEv2 involved at all. So I was working on the text which focuses on SPI7/8 case only, when I got stuck. Let's say a device sends an ESP Echo request packet but no replies are received. How can the sender differentiate between: - there is a problem with e2e ESP connectivity - the receiver doesn't support ESP Ping, so the packet with SPI=7 is just silently discarded? It looks like the ESP ping capability needs to be negotiated. The question is: shall it be another IKEv2 Configuration attribute or smth else? Anyway it means that the proposed mechanism can not be completely uncoupled from IKE... -- Cheers, Jen Linkova _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
