In your previous mail you wrote:

   Please let me check...are you saying something like this?

   The proposed text says:
      unqualified IP addresses cannot safely be used for IKE negotiation.

=> unqualified is not accurate enough: the idea is about scoped addresses without scope IDs. And the issue is not only for IKE, it is for any similar protocol not using scope ID (not clothed address).

   but, for example, we should (safely) be able to perform IKE
   negotiation for an SA with link-local addresses if the IKE packets
   are sent from/to the link-local addresses (since then the
   appropriate zone can be determined from the zone of the IP packets).

=> the example is correct but IMHO an example where the negotiation is not safe (IKE runs over global addresses with traffic selectors using bare link-local addresses) is better.

Thanks

[EMAIL PROTECTED]

PS: note that I believe this is the proper fix, i.e., we should not add scope IDs to IKE/IPsec.

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
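
The two cases contrasted in this message, as an added example that is not part of the original mail or of any IKE implementation: a check that flags traffic selectors containing bare link-local addresses unless the IKE exchange itself runs between link-local addresses. The function names, the IPv6-only input and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Link-local unicast prefix; addresses in it are only meaningful within one zone (link).
LINK_LOCAL = ipaddress.ip_network("fe80::/10")


def selector_has_link_local(start, end):
    """True if the traffic-selector address range [start, end] overlaps fe80::/10."""
    lo = ipaddress.IPv6Address(start)
    hi = ipaddress.IPv6Address(end)
    return lo <= LINK_LOCAL.broadcast_address and hi >= LINK_LOCAL.network_address


def zone_is_determinable(ike_local, ike_remote, selectors):
    """Decide whether the zone of every selector can be inferred.

    ike_local / ike_remote: addresses the IKE packets are sent from/to.
    selectors: list of (start, end) address ranges, carried without scope IDs.
    Returns (ok, reason).
    """
    scoped = [ts for ts in selectors if selector_has_link_local(*ts)]
    if not scoped:
        return True, "no link-local addresses in the traffic selectors"
    peers = [ipaddress.IPv6Address(a) for a in (ike_local, ike_remote)]
    if all(p.is_link_local for p in peers):
        # Safe case from the quoted text: the zone is that of the IKE packets.
        return True, "zone taken from the link carrying the IKE packets"
    # Unsafe case from the reply: global IKE peers, bare link-local selectors.
    return False, "link-local selector %s-%s has no determinable zone" % scoped[0]


if __name__ == "__main__":
    # Constructed sample negotiations (2001:db8::/32 is the documentation prefix).
    cases = [
        ("fe80::1", "fe80::2", [("fe80::1", "fe80::1")]),
        ("2001:db8::1", "2001:db8::2", [("fe80::1", "fe80::1")]),
        ("2001:db8::1", "2001:db8::2", [("2001:db8:1::", "2001:db8:1::ffff")]),
    ]
    for local, remote, ts in cases:
        print(local, remote, ts, zone_is_determinable(local, remote, ts))
```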