Thomas Narten escribió:
marcelo bagnulo braun <marcelo@it.uc3m.es> writes:i think so, i have changed that toThe translator MUST support communication between IPv4 node and IPv6 node using UDP Encapsulation of IKE and IPsec ESP Packets as defined in [RFC3948] as applicable. RFC3948 should be interpreted as with the IPv6 side on the IPv6-IPv4 translator being the IPv4 private side of the conventional NAT. IPsec support MAY require updating also the IPv4 side.would that be better?Yes, but... Question: Why was UDP encapsulation chosen? Should we even have thatrequirement at this point?
more backgroundthe point made in the previous meeting was that this must provide at least the same functionality than current v4 nats, and that is what nats currently support as defined in rfc3948, hence the wording, but i certainly agree that what you write below is what we want to say, so i will change this to your wording in the document if nobody opposes
one more question, people have asked me explicitly to have the reference to 3948, do you think we should keep that somehow is we can drop it?
Seems to me that the requirement should be more like: The translator MUST be able to support the translation of at least one mode of IPsec and IKE flows sufficient to allow nodes using IKE and IPsec to successfully set up and use IPsec SAs. Although desirable, it is not a requirement that such a capability be done with no changes to the IPv4 node's IKE/IPsec implementation. Thoughts? Thomas