Works for me.
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Stephen Kent
Sent: Thursday, May 27, 2010 5:18 PM
To: Yoav Nir
Cc: IPsecme WG
Subject: Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03
At 11:36 AM +0300 5/27/10, Yoav Nir wrote:
>How about the following text?
>
>3.8 Allocation of SPIs
> SPIs for child and IKE SAs MUST be unique with the same peer. However, in
> a cluster, both members may create SAs and assign SPIs to them, so a
> collision is possible. We believe that peers should not be required to
> accept duplicate SPIs for different SAs, and that this needs to be
> prevented by the cluster members by some out-of-scope method.
>
>Yoav
The text above seems rather indirect. How about:
3.8 Allocation of SPIs
The SPI associated with each child SA, and with each IKE SA, MUST be
unique relative to the peer of the SA. Thus, in the context of a
cluster, each cluster member MUST generate SPIs in a fashion that
avoids collisions (with other cluster members) for these SPI values.
The means by which cluster members achieve this requirement is a local
matter, outside the scope of this document.
Steve
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
Scanned by Check Point Total Security Gateway.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
