Hi Yaron,

In response to issue 193. For reference:

--8<--
Section 9.3: this entire discussion is probably redundant, because when a node 
fails in the LS cluster, you switch to another node. Implementing QCD on top of 
this is probably an overkill. If we remove this section, we can get rid of sec. 
5.2 as well, and we can focus on a single recommended way to generate the 
token, which would make analysis that much easier.
--8<--

9.3 has been moved to 10.4 under security consideration. I will refer to 10.4 
instead of 9.3 from now on.

The token generation method highlighted in 5.1 presents a security risk 
highlighted in section 10.4.

We cannot get rid of 5.2 nor 10.4, however we could make it clearer that 5.2 
is the recommended token generation method when the risk highlighted in 10.4 is 
present.

Regards,

        fred

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
