>>>>> On Tue, 17 Aug 2004 17:21:31 +0200,
>>>>> Francis Dupont <[EMAIL PROTECTED]> said:
> In your previous mail you wrote:
> Then how about the following change?
> => we have almost finished:
> Proposed resolution (new)
> A limited scoped address without its zone identifier value has
> security implications, and cannot be used for some security
> contexts. For example, a link-local address cannot be used as a
> part of a security association for Internet Key Exchange (IKE) when
> the IKE packets are carried over global addresses. Also, a
> link-local address without its zone identifier cannot be used in
> access control lists.
> Proposed resolution (better)
> A limited scoped address without its zone identifier value has
> security implications, and cannot be used for some security
> contexts. For example, a link-local address cannot be used in
> a traffic selector of a security association established by
> Internet Key Exchange (IKE) when
> the IKE messages are carried over global addresses. Also, a
> link-local address without its zone identifier cannot be used in
> access control lists.
Basically, I don't have a problem with your suggestion, but I have a
couple of questions:
1. Isn't the notion of "traffic selector" specific to IKEv2? If so,
should we explicitly say IKEv2 in the example?
2. I'm not sure if "a traffic selector of a security association" is
the accurate wording. If we really want to use the notion of
"traffic selector", shouldn't we rather simply say "traffic
selector" (without security association)?
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
[EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
