Hi Yaron,
Hi Valery,
Sorry if I was inconsistent on this one.
This is a performance optimization, and it's a trade off for the
responder: Do I want to cache keys, thereby saving on CPU but wasting more
memory on potentially useless SAs? So I suggest to make it a MAY, not a
SHOULD.
At this point of our defense line we are defending against CPU consumption,
not memory consumption. We've already agreed to create an IKE SA state and
the keys,
while computed, adds relatively little to the size of the state.
So I'm reluctant to make it "MAY". Probably a lowercase "should" with some
explanations of the reasons will satisfy you?
Regards,
Valery.
Thanks,
Yaron
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec