William Allen Simpson <william.allen.simp...@gmail.com> wrote:
> Therefore, I'd recommend that IPsec instead implement a block of related
SPIs.
> Each SPI should have its unique session-key as usual, but all would have
the
> same next protocol header and TCP/UDP port associated with the same flow.I agree with this model. And I think that IKEv2 makes this significantly easier than IKEv1 did. We are still relearning Photuris. -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
