Hi Yoav,
another requirement for IPsec HA is to coordinate the use of distinct
counters between multiple crypto engines. The problem (and a
convenient solution) is described in http://tools.ietf.org/html/draft-ietf-msec-ipsec-group-counter-modes-05
David
Hi,
Another solution is to use a cipher mode (like SIV) that does not lose
all security if a counter is reused. Then you don't have to worry at all
it.
Dan.
On Mon, March 22, 2010 9:29 am, David McGrew wrote:
Hi Yoav,
another requirement for IPsec HA is to coordinate the use of
That would be good, but we don't want to madate not using certain modes of
operation when you have a cluster. That would be very counter-productive.
OTOH, because of the replay counter, we've already agreed that an outbound
child SA cannot be shared among members of a load-sharing cluster.
As