David Wierbowski writes:
> What I do not like about the text is that it is a rule related to the
> life of the Child SAs. I think it would be clearer to tie the rule
> to the termination of the IKE SA. For example I think replacing the
> text with some thing like the following is more straight fo
Yoav Nir writes:
> I agree. And whatever we may think of the particular solution, it does
> present a problem that can and should be in the problem statement draft.
>
> So how about adding teh following sub-section:
>
> 3.7. Different IP addresses for IKE and IPsec
>
>In many implementatio
This is why we need multiple vendors to look at this draft.
On Apr 26, 2010, at 2:29 PM, Tero Kivinen wrote:
> Yoav Nir writes:
>> I agree. And whatever we may think of the particular solution, it does
>> present a problem that can and should be in the problem statement draft.
>>
>> So how abou
Yoav Nir writes:
> Actually, in our implementation, all packets (IKE and ESP) have the
> cluster IP address, so the peer doesn't notice a failover, and also
> the peer can't tell which member is "active" or which member it is
> working with.
Yes, that is also one way doing it, but in that case th
>Do you think it is legal to create a system where one Child SA can
>fail in such way that IKE SA cannot send delete notification?
I do not think a robust IKE implementation would allow this.
>
>The current text says it is not legal, but your replacement text
>allows it.
The current bis text is:
Hi,
There has been very little follow-on discussion on this draft, just a
few mails related to one proposed solution. So if you've read the draft
and think it's complete and good to go into WGLC, let us all know. If
some things are still missing, tell us which. Different vendors have
different vie
Hi Yaron,
Thanks for the feedback. I will definitely read the
draft-ietf-ipsecme-ipsec-ha and will get back to you.
Here are my answers to your suggestions:
1. I will point the section 5.1 in the introduction itself that way the
purpose and applications of the draft are clear.
2. We d
