Hi,
I am wondering how SPI collision is considered by IKEv2, and have not found
any documentation on it, so if there are some, please let me know.
My current understanding is that when an CREATE_CHILD_SA exchange is
performed the Initiator and Responder announce the SPI in the SA payload.
If the
Hi Daniel
On Apr 5, 2012, at 9:22 PM, Daniel Migault wrote:
Hi,
I am wondering how SPI collision is considered by IKEv2, and have not found
any documentation on it, so if there are some, please let me know.
My current understanding is that when an CREATE_CHILD_SA exchange is
At 1:12 AM + 4/3/12, Xiangyang zhang wrote:
A new version of I-D, draft-zhang-ipsecme-multi-path-ipsec-00.txt
has been successfully submitted by Xiangyang Zhang and posted to the
IETF repository.
Filename:draft-zhang-ipsecme-multi-path-ipsec
Revision:00
Title:Multiple Path
Dharmanandana,
1. SA bundle is the ordered list of SAs. For SA cluster, it contains a set of
SA. Which SA is used for traffic protection is purely implementation
dependent. The SA cluster means only one SA is used while SA bundle means all
SAs are used. Single SA can be viewed as cluster
Steve,
Your understanding is partially right. Only that anti-replay window could
possibly be bigger if two paths go along the different routes. If two paths go
along the same route, it is no difference from the traditional single SA. But
the attacker does not know two paths carry the same