In your previous mail you wrote:

   Please let me check...are you saying something like this?
   
   The proposed text says:
   
     unqualified IP addresses cannot safely be used for IKE negotiation.
   
=> unqualified is not accurate enough: the idea is about scoped addresses
without scope IDs. And the issue is not only for IKE, it is for any
similar protocol not using scope ID (not clothed address).

   but, for example, we should (safely) be able to perform IKE
   negotiation for an SA with link-local addresses if the IKE packets are
   sent from/to the link-local addresses (since then the appropriate zone
   can be determined from the zone of the IP packets).
   
=> the example is correct but IMHO an example where the negotiation is
not safe (IKE runs over global addresses with traffic selectors using
bare link-local addresses) is better.

Thanks

[EMAIL PROTECTED]

PS: note that I believe this is the proper fix, i.e., we should not add
scope IDs to IKE/IPsec.

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
