William Allen Simpson <[email protected]> wrote: > Therefore, I'd recommend that IPsec instead implement a block of related SPIs. > Each SPI should have its unique session-key as usual, but all would have the > same next protocol header and TCP/UDP port associated with the same flow.
I agree with this model. And I think that IKEv2 makes this significantly easier than IKEv1 did. We are still relearning Photuris. -- Michael Richardson <[email protected]>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
