Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03

From: Jean-Michel Combes <jeanmichel.combes_at_nospam>
Date: Thu May 27 2010 - 10:32:59 GMT
To: Yoav Nir <ynir@checkpoint.com>

Hi again,

2010/5/27 Yoav Nir <ynir@checkpoint.com>:
> How about the following text?
>
> 3.8 Allocation of SPIs
> SPIs for child and IKE SAs MUST be unique with the same peer. However, in
> a cluster, both members may create SAs and assign SPIs to them, so a
> collision is possible. We believe that peers should not be required to
> accept duplicate SPIs for different SAs, and that this needs to be
> prevented by the cluster members by some out-of-scope method.

It's fine for me.

Best regards.

JMC.

>
> Yoav
>
> -----Original Message-----
> <snip/>
>
> 3. The Problem Statement
>
> <JMC>
> I didn't see anything about potential collisions (e.g. SPI for a
> specific SA on a member of the cluster is already used on another
> member) during a failover: is such an issue out of scope?
> <JMC>
>
> <snip/>
>
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

This message: [ Message body ]
Next message: Stephen Kent: "Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03"
Previous message: Jean-Michel Combes: "Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03"
In reply to: Yoav Nir: "Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03"
Next in thread: Stephen Kent: "Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]