Hi Tero,

Thanks for the response. Version 4 of the draft has been updated with this alternative.

Yours,
Daniel

On Thu, May 10, 2018 at 10:53 AM, Tero Kivinen <kivi...@iki.fi> wrote:

> Daniel Migault writes:
> > another alternative could be:
> >
> > As the IV MUST NOT repeat for one SA when Counter-Mode ciphers are
> > used, Implicit IV as described in this document MUST NOT be used in
> > setups with the chance that the Sequence Number overlaps for one SA.
> > Multicast as described in [RFC5374], [RFC6407] and
> > [I-D.yeung-g-ikev2] is a prominent example, where many senders share
> > one secret and thus one SA. As
> > such, it is NOT RECOMMENDED to use Implicit IV with Multicast.
>
> I would actually prefer this. I think it is better to say don't do
> it, than provide ways it could be done before saying don't do it....
>
> I.e., if someone is interested in this then we need to write new
> specification that will specify how it is done, so there is no point
> of speculating here what it could be.
> --
> kivi...@iki.fi
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
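The sequence-number overlap discussed in the quoted text, as an added example that is not part of the original messages or of the draft: it derives the counter-mode nonce from the ESP sequence number and reports every nonce used more than once under one SA. The nonce layout (4-byte SA salt followed by an 8-byte IV holding the zero-extended sequence number), the function names, SPIs, salts and packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict


def implicit_nonce(salt: bytes, seq: int, esn: bool = False) -> bytes:
    """Assumed layout: 4-byte SA salt || 8-byte IV, where the IV is the
    sequence number zero-extended to 64 bits (or the 64-bit ESN)."""
    if len(salt) != 4:
        raise ValueError("salt must be 4 bytes")
    if not 1 <= seq < (2**64 if esn else 2**32):
        raise ValueError("sequence number out of range")
    return salt + struct.pack(">Q", seq)


def find_nonce_reuse(packets, salts):
    """packets: iterable of (sender, spi, seq); salts: {spi: salt}.
    Return {(spi, nonce): [senders]} for every nonce that was used more
    than once under the same SA (same SPI, hence same key and salt)."""
    seen = defaultdict(list)
    for sender, spi, seq in packets:
        seen[(spi, implicit_nonce(salts[spi], seq))].append(sender)
    return {key: who for key, who in seen.items() if len(who) > 1}


# Constructed sample data (not from the thread): SPI 0x1000 is a group SA
# shared by two senders that each keep their own sequence counter;
# SPI 0x2000 is an ordinary single-sender SA.
SALTS = {0x1000: bytes.fromhex("a1b2c3d4"), 0x2000: bytes.fromhex("0badc0de")}
PACKETS = (
    [("sender-A", 0x1000, s) for s in (1, 2, 3)]
    + [("sender-B", 0x1000, s) for s in (1, 2, 3)]
    + [("peer", 0x2000, s) for s in (1, 2, 3)]
)

if __name__ == "__main__":
    for (spi, nonce), senders in sorted(find_nonce_reuse(PACKETS, SALTS).items()):
        print(f"SPI {spi:#x}: nonce {nonce.hex()} used by {senders}")
```

Only the shared SA is reported: each sender's counter starts at 1, so every sequence number yields the same nonce under the same key, while the single-sender SA never repeats one.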