
Re: Question about Version Numbers



> d) have Alice remember that Bob can talk n+1, and refuse to believe
> an unauthenticated notification telling her otherwise
>
> Note that d) is allowed by the current spec (wouldn't violate any
> on-the-wire messages). So I think we should do that, which doesn't
> require changing the spec.  Perhaps this will motivate me to revive
> the tutorial spec and mention that in an implementation tip.

Actually, I'd like to discourage this particular strategy -- it makes
it extremely difficult to cleanly back out of a failed upgrade.

There's a common OS/firmware upgrade strategy involving the use of
multiple OS images -- you can update a standby image, activate the
standby image and reboot, and then, because you still have the
original image around, you can (relatively) easily fall back to a
known working configuration if everything didn't work as anticipated.

The reason for falling back to the previous version may have nothing
to do with IKE/IPsec -- the new IKE version may just be along for the
ride in the new configuration.

With a "once I've seen you speak n+1, I refuse to talk version n to
you" strategy, I now have to track down all the nodes that this system
spoke to during this interval and apply percussive maintenance -- and
I may not have the authority to use the necessary hammers myself.

					- Bill