Re: v6ops-nat64-pb-statement-req: IPsec requirement

[marcelo bagnulo braun <marcelo@it.uc3m.es>]

Thomas Narten escribió:
> draft-ietf-v6ops-nat64-pb-statement-req-00.txt says:
>
>   
> >    R11: IPsec support.
> >
> >    The translator MUST support communication between IPv4 node and IPv6
> >    node using UDP Encapsulation of IPsec ESP Packets as defined in
> >    [RFC3948] as applicable.  RFC3948 should be interpreted as with the
> >    IPv6 side on the IPv6-IPv4 translator being the IPv4 private side of
> >    the conventional NAT.  IPsec support MAY require updating also the
> >    IPv4 side.
> >     
>
>
> Actually, I think the real requirement is that both IPsec and IKEv2
> work. IPsec without key management is pretty useless in practice. Is
> that what is meant?
>   

i think so, i have changed that to

The translator MUST support communication between IPv4 node and IPv6
  node using UDP Encapsulation of IKE and IPsec ESP Packets as defined in
  [RFC3948] as applicable.  RFC3948 should be interpreted as with the
  IPv6 side on the IPv6-IPv4 translator being the IPv4 private side of
  the conventional NAT.  IPsec support MAY require updating also the
  IPv4 side.

would that be better?

> Thomas
>
>
>