Elwyn,
Thanks for your comments..
>
> This seems a useful guide to using v6 in v4 tunnels in conjunction with
IPsec.
>
> I have a few comments (but not much in the way of contributions to the
open
> issues):
> S3.2: Last para: A bit more explanation of the alternative solution
would help.
Ok.
> S3.2: Some mention of potential scalability issues here - if i understand
> correctly a tunnel and SA per host in the site is needed.
Yes, we can mention that in the next revision.
> S5.1 (and elsewhere): The acronyms IDc1 and IDcr may need expansion
Ok.
> S5 (all sections): My understanding (which may be wrong) is that SAs carry
> either unicast or multicast traffic... some of the SAs defined in the SPD
> seem to be intended to carry both unicast neighbor discovery/SAAC and the
> associated MLD Join messages. If this is true separate SAs will be needed
Yes. But the intention is to have fewer SPD entries and protect most of the
link-local traffic. Otherwise, you need to have more SPD entries to
protect the different types of link-local traffic between the two end points.
> but they can be more tightly defined ... the unicast ones are link local
> to link local and the multicast ones have a restricted set of multicast
> groups (All Nodes, All Routers, DHCP groups and Solicited Node groups).
>
> S5: Where the SPD rule applies to a prefix, it might be clearer to use a
> different operator (like ~) to indicate prefix matching rather than
> equality (=).
Okay.
> S5:the packet format piece at the end of the section probably deservces a
> separate section.
>
Okay.
> I have also made a number of editorial suggestions directly to the
document
> editor.
>
Thanks
mohan
> Regards,
> Elwyn
>
>
>