Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03

How about the following text?

3.8 Allocation of SPIs
   SPIs for child and IKE SAs MUST be unique with the same peer. However, in
   a cluster, both members may create SAs and assign SPIs to them, so a
   collision is possible. We believe that peers should not be required to
   accept duplicate SPIs for different SAs, and that this needs to be
   prevented by the cluster members by some out-of-scope method.

Yoav

-----Original Message-----
<snip/>

3. The Problem Statement

<JMC>
I didn't see anything about potential collisions (e.g. SPI for a
specific SA on a member of the cluster is already used on another
member) during a failover: is such an issue out of scope?
<JMC>

<snip/>
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

• This message: [ Message body ]
• Next message: Jean-Michel Combes: "Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03"
• Previous message: Yoav Nir: "Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03"
• In reply to: Jean-Michel Combes: "Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03"
• Next in thread: Jean-Michel Combes: "Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03"
• Reply: Jean-Michel Combes: "Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03"
• Reply: Stephen Kent: "Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]