Stephen Kent | 6 Sep 2005 16:40

RE: ICMP and MH TSs for IKEv2

At 8:01 PM +0300 9/5/05, Pasi.Eronen <at> nokia.com wrote:
>Francis Dupont wrote:
>>   In your previous mail you wrote:
>>
>>     >  - the MH type is in the local "port" selector. What is
>>     >  the "local" TS, TSi only, or MH type and ICMP type/code
>>     >  are "aligned" (and how)?
>>   
>>     I'm starting to lean on a solution, where ICMP/MH type/code's
>>     in SA's TS would always be in both local/remote port (or
>>     src/dst port). This way, even multicast SA's would work
>>     without any special handling (an MC SA that would be used
>>     for both receiving and sending).
>>   
>>  => I agree this solution seems good but it was only suggested and
>>  only for ICMP in the clarifications I-D.
>
>I agree, this solution seems to apply both to ICMP and MH. We'll
>add some text about this in the next version of the clarifications
>I-D (hopefully appearing before the Toronto IPsec/IKEv2 interop).
>
>Best regards,
>Pasi

Guys,

We specifically allow asymmetry for ICMP traffic for an SA, e.g., so
that one can send but not accept traffic for a given ICMP message
type for an SA. I believe we discussed this issue on the list at the
time the decision was made, so please do not plan to just change by