Version -03 Changes

- Aligns SPD representation format with RFC 4301
- Describes IKEv2 Peer Authorization Database (PAD) entries
  - At least IPv4 addresses and shared keys should be supported
- Adds references to other documents describing using transport mode in a similar context (RFC 3884, RFC 3193, RFC 4023)
- Moves tunnel mode discussion to appendix
  - Recommends transport mode
  - Keeps discussion of the tunnel mode issues
  - Notes that tunnel mode (when implemented without an interface) may be applicable in scenarios where the lack of multicast and link-local traffic is not an issue and, e.g., MOBIKE is needed
- Moves tunnel mode implementation approach discussion to appendix
  - Interface or not, SSPD/GSPD
- Also moves Dynamic Address Configuration, NAT traversal and Mobility, and Tunnel Endpoint Discovery to appendix
  - The first two are most applicable to tunnel mode which is in appendix
  - The last requires manual configuration so TEP discovery does not work well right now