[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Simplifying IKE



>I'd prefer to keep the commit bit.  Otherwise the responder is forced to
>add SAs before the final QM hash from the initiator is processed,
>opening the responder up to adding potentially suspect SAs into the
>system.  

	regarding to commit bit processing, we should really look again
	about 3-phase commit protocol as discussed in distributed database
	textbooks, and follow their suggestions.
	it's very wrong for both ends to go unsynchronized on packet losses.

itojun


References: