Re: [IPsec] Reopening issue #12

2009-05-03 Thread Stephen Kent
At 2:18 PM +0300 4/29/09, Tero Kivinen wrote: ... In most cases I would not expect Bob to create the old SA that way at all, as it would require it to combine two SPD rules together when accepting such an entry. As the SPD entries are an ordered list, that would mean it was combining two entries which

[IPsec] Issue #57: Clarify D-H transform

2009-05-03 Thread Yaron Sheffer
Yaron: 3.3.2: there is no explanation here or elsewhere that the D-H transform for ESP and AH is used for PFS. Paul (off list): Not done. I don't think it belongs in 3.3.2, and I also don't agree that the transform is the D-H transform for ESP and AH is used for PFS; that's an

[IPsec] Issue #58: Access control: add ref to IPsec architecture

2009-05-03 Thread Yaron Sheffer
Yaron: 3.5: this section is extremely liberal on what access control policies people can implement, but that's too late to change now. However, we CAN at least add a reference to RFC 4301, Sec. 4.4.3.1 (as was done in RFC 4945, pki4ipsec). Paul: Not done, take to the list. Yaron: I propose to