Hello, I am concerned about AES-GCM issues related to segment responsibility changes (see https://tools.ietf.org/html/rfc6311#section-3.4)
https://wiki.strongswan.org/projects/strongswan/wiki/IpsecStandards states RFC6454 is supported. Could you please provide more details about it? As far as I understand, each member of the cluster should have a unique SID assigned and use this SID when emitting packets from the kernel stack. This raises several questions: - how does the userland set the sid in the kernel? - how is the sid is computed so that it is unique within the cluster? How many bits are reserved for this sid? Regards, Emeric
