--------------------

Shinta Sugimoto (2005-08-30):

- Section 2.3 (Changing addresses in IPsec SAs), 3rd bullet, it says
  "If there are outstanding IKEv2 requests, continues retransmitting
  them using the addresses in the IKE_SA (the new addresses)." It is
  unclear to me what the "outstanding IKEv2 requests" are.
- Section 2.4 (Updating additional addresses), the first sentence says
  "both the initiator and responder can send a list of additional
  addresses (in addition to the one used for IKE_SA_INIT/IKE_AUTH
  exchange) to the initiator in the IKE_AUTH exchange." It seems to me
  that the sentence is a bit paradoxical. IMHO, the phrase "to the
  initiator" can be eliminated.

--------------------

Pasi Eronen (2005-08-31):

> - Section 2.3 (Changing addresses in IPsec SAs), 3rd bullet,
> it says "If there are outstanding IKEv2 requests, continues
> retransmitting them using the addresses in the IKE_SA (the new
> addresses)." It is unclear to me what the "outstanding IKEv2
> requests" are.

It means IKEv2 requests for which the initiator has not yet
received a reply (I'll try to clarify this in version -02).
This could happen if the need to change addresses appears 
while we're doing e.g. rekeying or dead peer detection.

> - Section 2.4 (Updating additional addresses), the first
> sentence says "both the initiator and responder can send a
> list of additional addresses (in addition to the one used for
> IKE_SA_INIT/IKE_AUTH exchange) to the initiator in the
> IKE_AUTH exchange." It seems to me that the sentence is a bit
> paradoxical. IMHO, the phrase "to the initiator" can be
> eliminated.

Yes, you're right.

--------------------