[Mobike] New issue 17: Full connectivity
Pasi.Eronen at nokia.com
Pasi.Eronen at nokia.com
Mon Sep 6 15:26:16 UTC 2004
Francis.Dupont at enst-bretagne.fr wrote:
> Yes, certainly a node is likely to know better its own conditions
> than the other node. But I don't quite understand the last point:
> in 2401bis, inbound IPsec SAs don't seem to have the local (tunnel
> header) address at all? (unless they're multicast, but
> that's beyond IKEv2)
>
> => tunnel inbound IPsec SAs have a local (destination)
> end-point address. What I mean is the only way to fix this
> address is to send a message to the other end saying what
> address to use. BTW this is the central point of MOBIKE.
Err, I'm a bit confused today... I cannot find anything in 2401bis
that would actually use the (outer) address in _inbound_ IPsec SAs
for anything when processing unicast traffic. And if it's not used,
implementations don't even need to store it, and MOBIKE does not
need to update it, right?
Or am I missing something in 2401bis that actually uses it?
Best regards,
Pasi
More information about the Mobike
mailing list