[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Simplifying IKE
>I'd prefer to keep the commit bit. Otherwise the responder is forced to
>add SAs before the final QM hash from the initiator is processed,
>opening the responder up to adding potentially suspect SAs into the
>system.
regarding to commit bit processing, we should really look again
about 3-phase commit protocol as discussed in distributed database
textbooks, and follow their suggestions.
it's very wrong for both ends to go unsynchronized on packet losses.
itojun
References: