I am a bit sceptical about the draft as it appears to be solving something
that doesn't have to be such a huge problem by introducing a new exchange.
First, the ESP sequence number sync. In case of failover the online node
should simply increment the sequence number by a large enough number;
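As an added illustration (not part of this thread or of any draft text) of why the node taking over an SA has to jump the outbound ESP sequence number well forward rather than resume from whatever value was last synced: a small Python model of the peer's RFC 4303 anti-replay window, with the window size, packet counts and checkpoint value all constructed here for the example.

```python
"""Added example: RFC 4303-style ESP anti-replay window (32-bit sequence
numbers, no ESN) and a failover simulation.  Window size, packet counts
and the synced 'checkpoint' are constructed values, not from any draft."""

WINDOW = 64  # receiver's anti-replay window, in packets (assumed value)


class AntiReplayWindow:
    """Sliding window per RFC 4303 section 3.4.3 for 32-bit sequence numbers."""

    def __init__(self, size=WINDOW):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) was received

    def check_and_update(self, seq):
        """Return True and record seq if it is new and inside the window."""
        if seq == 0:
            return False  # sequence number 0 is never sent on an ESP SA
        if seq > self.top:
            # Right of the window: slide the window forward to seq.
            shift = seq - self.top
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1  # everything previously seen falls out of the window
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False  # left of the window: too old, dropped
        if self.bitmap & (1 << diff):
            return False  # inside the window but already seen: replay, dropped
        self.bitmap |= 1 << diff
        return True


def _receiver_after(sent_before_failover):
    """Peer state after the original node sent seq 1..sent_before_failover."""
    rx = AntiReplayWindow()
    for seq in range(1, sent_before_failover + 1):
        assert rx.check_and_update(seq)
    return rx


def simulate_failover(sent_before_failover, checkpoint, jump):
    """Node A sent 1..sent_before_failover before failing; node B takes over
    knowing only the last synced counter value `checkpoint` (<= what A sent).

    Returns (naive_accepted, jump_accepted): whether the peer accepts B's
    first packet when B resumes at checkpoint+1, versus when B advances the
    counter by `jump` first, as the thread suggests."""
    naive_first = checkpoint + 1
    jumped_first = checkpoint + jump

    naive_accepted = _receiver_after(sent_before_failover).check_and_update(naive_first)
    jump_accepted = _receiver_after(sent_before_failover).check_and_update(jumped_first)
    return naive_accepted, jump_accepted


if __name__ == "__main__":
    # Checkpoint slightly stale: B's packet lands inside the window as a replay.
    print(simulate_failover(100, 90, 1000))   # (False, True)
    # Checkpoint very stale: B's packet lands left of the window, also dropped.
    print(simulate_failover(100, 20, 1000))   # (False, True)
```

The model shows both failure modes of resuming from a synced counter: a slightly stale value is rejected as a replay, a very stale one as too old. Jumping the counter past anything the failed node could plausibly have sent lands the packet to the right of the window, where the peer simply slides the window forward. The jump must still leave room before the 32-bit counter wraps (or ESN must be in use), since the SA has to be rekeyed before the counter cycles.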
Looks good. I have one technical question:
- What is the purpose of sending an empty response to the unprotected N
(INVALID[_IKE]_SPI)&N(QCD_TOKEN)+ message? I'm not sure it provides any
real value and would really prefer not to send it. Also, this contradicts
a few "MUST NOT" statements in ik