Yoav,

I think preserving the history is worthwhile. I'm fine with moving section 7 to an appendix. With that said, Tero will still object to the text that would become A1.4 (currently 7.4). The text in Section 7.4 represents our opinion, which is not the same as his. I think the text should be modified to acknowledge that some implementations may reduce their timeout due to INVALID_SPI or INVALID_IKE_SPI, but we feel this still results in an unnecessary delay that could be eliminated with use of QCD tokens. I suggest the following replacement text:

Some implementations require fewer retransmissions over a shorter period of time for cases of liveness check started because of an INVALID_SPI or INVALID_IKE_SPI notification. We believe that the default retransmission policy should represent a good balance between the need for a timely discovery of a dead peer, and a low probability of false detection. We expect the policy to be set to take the shortest time such that this probability achieves a certain target. Therefore, we believe that reducing the elapsed time and retransmission count may create an unacceptably high probability of false detection, and this can be triggered by a single INVALID_IKE_SPI notification. Additionally, even if the retransmission policy is reduced to, say, one minute, it is still a very noticeable delay from a human perspective, from the time that the gateway has come up (i.e. is able to respond with an INVALID_SPI or INVALID_IKE_SPI notification) and until the tunnels are active, or from the time the backup gateway has taken over until the tunnels are active. The use of QCD tokens can reduce this delay.

Dave Wierbowski

From: Yoav Nir <[email protected]>
To: IPsecme WG <[email protected]>
Date: 12/02/2010 05:34 AM
Subject: [IPsec] Issue #199 - Section 7.4 is mostly wrong
Sent by: [email protected]

Hi all

This issue is about some of the wording of section 7.4. I don't agree that this is mostly wrong, but I think the group's energies are better spent elsewhere.

Section 7, in its entirety, is about alternative solutions that were not adopted. I think we can either delete the whole section, or else move it to an appendix.

What do others think?

Yoav

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
