Pekka Riikonen writes:
> Isn't this what the -02 draft specifies?

Not sure, as I have not yet read the -02 draft fully.

> ...
>   o  The active member dies, and a standby member takes over. The
>      standby member sends its own idea of the IKE Message IDs (both
>      incoming and outgoing) to the peer in an Informational message
>      exchange with Message ID zero.
>   o  The peer first authenticates the message and then validates the
>      failover count. The peer compares the received values with the
>      values available locally and picks the higher value. It then
>      updates its Message IDs with the higher values and also proposes
>      the same values in its response.
> ...

This still has the failover count, which is not needed, as if we always take the max of the message IDs seen by both parties, then we cannot go backwards, and replays etc. do not matter, as we end up in the same state (i.e. if someone replays a request, the other end will set the message IDs to be the largest value seen).

We still need a nonce, to know that the reply matches the request, i.e. so someone cannot replay an old reply, although in most cases the reply would have smaller numbers than what was in the request, in which case the sender will immediately know something is wrong.

-- 
[email protected]

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
