On Wed, Dec 15, 2004 at 09:56:09AM -0800, Joe Touch wrote: > There's nothing in IPsec that knows about TCP connections now, and there > shouldn't be. > > There might be utility to coordinating TCP with IKE, but that means that > the SA used by a packet needs to be set explicitly by the upper layer > rather inferring it from policy rules. > > I.e., TCP may need to know about IPsec, not the other way around. Connection latching should, indeed, be initiated by TCP -- but that does not mean the matter shouldn't be mentioned in the IPsec architecture doc. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf