That would be good, but we don't want to mandate not using certain modes of 
operation when you have a cluster. That would be very counter-productive.

OTOH, because of the replay counter, we've already agreed that an outbound 
child SA cannot be shared among members of a load-sharing cluster.

As for the "hot standby" cluster, it *is* important to avoid repeating an IC 
after failover, so precautions must be taken, and that draft David mentioned is 
one good way.

However, this problem is internal to the cluster. It has nothing to do with IKE 
interoperability with other peers (I don't think any peer actually verifies 
that an IC or IV has not been previously used with the same key). Therefore, 
this whole discussion is out of scope for this work item.

Do you agree?

Yoav

On Mar 22, 2010, at 11:20 AM, Dan Harkins wrote:

> 
>  Hi,
> 
>  Another solution is to use a cipher mode (like SIV) that does not lose
> all security if a counter is reused. Then you don't have to worry about
> it at all.
> 
>  Dan.
> 
> On Mon, March 22, 2010 9:29 am, David McGrew wrote:
>> Hi Yoav,
>> 
>> another requirement for IPsec HA is to coordinate the use of distinct
>> counters between multiple crypto engines. The problem (and a
>> convenient solution) is described in
>> http://tools.ietf.org/html/draft-ietf-msec-ipsec-group-counter-modes-05
>> 
>> David

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
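
An added example, not part of the thread: why cluster members that share one SA key must not run independent counters, and how giving each member its own slice of the IV space, or restarting a standby past its last synced counter, avoids repeats. The HMAC-based keystream is a stand-in for a real counter mode, and the 8-bit member ID, the field widths and all names are assumptions.

```python
import hashlib
import hmac

KEY = bytes(range(32))           # constructed SA key shared by the cluster
MEMBER_BITS = 8                  # assumed split: 8-bit member ID, 56-bit counter
COUNTER_BITS = 64 - MEMBER_BITS

def keystream(key, iv, n):
    """Stand-in keystream: HMAC-SHA256 over IV || block index (not AES-CTR)."""
    out, block = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, iv, plaintext):
    return xor(plaintext, keystream(key, iv, len(plaintext)))

class Member:
    """One crypto engine in the cluster; member_id=None means no partitioning."""
    def __init__(self, member_id=None, start=0):
        self.member_id, self.counter = member_id, start

    def next_iv(self):
        self.counter += 1
        if self.member_id is None:
            return self.counter.to_bytes(8, "big")
        if self.counter >> COUNTER_BITS:
            raise OverflowError("counter slice exhausted: rekey the SA")
        return ((self.member_id << COUNTER_BITS) | self.counter).to_bytes(8, "big")

def two_member_send(partitioned):
    """Return (IVs collided, XOR of ciphertexts equals XOR of plaintexts)."""
    a = Member(1 if partitioned else None)
    b = Member(2 if partitioned else None)
    p1, p2 = b"member A packet!", b"member B packet?"   # constructed payloads
    iv_a, iv_b = a.next_iv(), b.next_iv()
    c1, c2 = encrypt(KEY, iv_a, p1), encrypt(KEY, iv_b, p2)
    return iv_a == iv_b, xor(c1, c2) == xor(p1, p2)

def standby_start(last_synced, sync_interval):
    """Hot standby: the active member used at most sync_interval counters
    since the last sync, so resuming past that bound cannot repeat one."""
    return last_synced + sync_interval

if __name__ == "__main__":
    print("independent counters:", two_member_send(False))
    print("partitioned IV space:", two_member_send(True))
```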
