Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03

From: Stephen Kent <kent_at_nospam>
Date: Thu May 27 2010 - 14:18:23 GMT
To: Yoav Nir <ynir@checkpoint.com>

At 11:36 AM +0300 5/27/10, Yoav Nir wrote:
>How about the following text?
>
>3.8 Allocation of SPIs
> SPIs for child and IKE SAs MUST be unique with the same peer. However, in
> a cluster, both members may create SAs and assign SPIs to them, so a
> collision is possible. We believe that peers should not be required to
> accept duplicate SPIs for different SAs, and that this needs to be
> prevented by the cluster members by some out-of-scope method.
>
>Yoav

The text above seems rather indirect. How about:

3.8 Allocation of SPIs
    The SPI associated with each child SA, and with each IKE SA, MUST be
    unique relative to the peer of the SA. Thus, in the context of a
    cluster, each cluster member MUST generate SPIs in a fashion that
    avoids collisions (with other cluster members) for these SPI values.
    The means by which cluster members achieve this requirement is a local
    matter, outside the scope of this document.

Steve
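
One way a cluster could meet the proposed requirement, shown as an added example that is not part of this thread or of the draft: each member draws SPIs only from its own slice of the SPI space, so no coordination is needed per SA. The partitioning scheme, the class name `MemberSpiAllocator`, the `member_bits` parameter and the peer address are assumptions made for illustration.

```python
import secrets

RESERVED_MAX = 255  # RFC 4303: SPI 0 is for local use, 1-255 are reserved by IANA


class MemberSpiAllocator:
    """Hypothetical allocator: the top member_bits of every SPI carry the member index."""

    def __init__(self, member_index, member_bits=4, spi_bits=32):
        # spi_bits=32 for child (ESP/AH) SAs, 64 for IKE SA SPIs.
        if not 0 <= member_index < (1 << member_bits):
            raise ValueError("member_index does not fit in member_bits")
        self.member_index = member_index
        self.low_bits = spi_bits - member_bits
        self.prefix = member_index << self.low_bits
        self.in_use = {}  # peer -> SPIs this member currently has live with that peer

    def allocate(self, peer):
        """Return an SPI unique for this peer across the whole cluster."""
        used = self.in_use.setdefault(peer, set())
        for _ in range(64):  # bounded retries; the slice is large, so retries are rare
            spi = self.prefix | secrets.randbits(self.low_bits)
            # Skip the reserved range (only reachable by member 0) and local duplicates.
            if spi > RESERVED_MAX and spi not in used:
                used.add(spi)
                return spi
        raise RuntimeError("SPI slice exhausted for peer %s" % peer)

    def release(self, peer, spi):
        """Forget an SPI when its SA is deleted."""
        self.in_use.get(peer, set()).discard(spi)

    def owns(self, spi):
        """True if this member allocated the SPI, e.g. to steer inbound packets."""
        return spi >> self.low_bits == self.member_index


def count_cross_member_collisions(n=2000, peer="192.0.2.10"):
    """Two members allocate n SPIs each toward the same (constructed) peer."""
    a, b = MemberSpiAllocator(0), MemberSpiAllocator(1)
    spis_a = {a.allocate(peer) for _ in range(n)}
    spis_b = {b.allocate(peer) for _ in range(n)}
    return len(spis_a & spis_b)


if __name__ == "__main__":
    print("collisions between members:", count_cross_member_collisions())
```

The price of this scheme is a fixed upper bound on cluster size (2^member_bits members) and a member index that is visible in every SPI.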