Re: [IPsec] Simultaneous Child SA Creation tigger from both the side.
Nico Williams <nico@cryptonector.com> Mon, 05 May 2014 19:56 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 719E81A047B for <ipsec@ietfa.amsl.com>; Mon, 5 May 2014 12:56:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.044
X-Spam-Level:
X-Spam-Status: No, score=-1.044 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, IP_NOT_FRIENDLY=0.334] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FegilP0IvXlm for <ipsec@ietfa.amsl.com>; Mon, 5 May 2014 12:56:45 -0700 (PDT)
Received: from homiemail-a113.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id E50211A0469 for <ipsec@ietf.org>; Mon, 5 May 2014 12:56:45 -0700 (PDT)
Received: from homiemail-a113.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a113.g.dreamhost.com (Postfix) with ESMTP id 5C9912007EE06 for <ipsec@ietf.org>; Mon, 5 May 2014 12:56:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=+bNJYtBTqDPWzqZBMboj QPHsKs8=; b=MKThiRTC5Inyf3Tqgw2UVwOwzwgypIRD1l1m7hr7No65UbVtjtUu pg6haw0X2jYaCNpKWMCjag+/2IRJJ2XzI2GlXf4zjnE3xZ6okT7dF0HuMZQ3V7Kl hsvBzHf7ue0Wk/U9w8SMB/7j3je5C4WP9K/t730HSwirbZ0GDjL3l94=
Received: from mail-wi0-f170.google.com (mail-wi0-f170.google.com [209.85.212.170]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a113.g.dreamhost.com (Postfix) with ESMTPSA id 10E4E2007EE04 for <ipsec@ietf.org>; Mon, 5 May 2014 12:56:41 -0700 (PDT)
Received: by mail-wi0-f170.google.com with SMTP id bs8so3230585wib.3 for <ipsec@ietf.org>; Mon, 05 May 2014 12:56:40 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.180.77.225 with SMTP id v1mr969684wiw.5.1399319800616; Mon, 05 May 2014 12:56:40 -0700 (PDT)
Received: by 10.216.29.200 with HTTP; Mon, 5 May 2014 12:56:40 -0700 (PDT)
In-Reply-To: <CAK3OfOiMRdSsNTufLAdjxWMvbjqHAYweVDdPRh=hSf8BpBU7nw@mail.gmail.com>
References: <mailman.101.1398884441.30377.ipsec@ietf.org> <335B84BDA2818C428E63D9B0ADE6863545AF7228@szxeml561-mbx.china.huawei.com> <DE8FB8A9-23C6-4828-9129-2B70542F96ED@gmail.com> <335B84BDA2818C428E63D9B0ADE6863545AF7A1A@szxeml561-mbx.china.huawei.com> <CAK3OfOiMRdSsNTufLAdjxWMvbjqHAYweVDdPRh=hSf8BpBU7nw@mail.gmail.com>
Date: Mon, 05 May 2014 14:56:40 -0500
Message-ID: <CAK3OfOifJwiRP4qaDvbJTM=m4TKA6RRf3kUo0h-C1ftSOUOS+g@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Syed Ajim Hussain <syedah@huawei.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/Cos_3UbHU2TNDiHFfkCla4SFTd0
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, Yoav Nir <ynir.ietf@gmail.com>
Subject: Re: [IPsec] Simultaneous Child SA Creation tigger from both the side.
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 19:56:46 -0000
Also, it seems clear that any implementation that adheres to the spec as it is will either a) produce just one set of SAs in this case (see Paul's response), or b) propose N>=1 sets of SAs. The (b) case should interop with the (a) case just fine, resulting in N==1 set of SAs. All three possible combinations of implementation behaviors should interop. Nico --
- [IPsec] Simultaneous Child SA Creation tigger fro… Syed Ajim Hussain
- Re: [IPsec] Simultaneous Child SA Creation tigger… Yoav Nir
- Re: [IPsec] Simultaneous Child SA Creation tigger… Syed Ajim Hussain
- Re: [IPsec] Simultaneous Child SA Creation tigger… Valery Smyslov
- Re: [IPsec] Simultaneous Child SA Creation tigger… Paul Wouters
- Re: [IPsec] Simultaneous Child SA Creation tigger… Nico Williams
- Re: [IPsec] Simultaneous Child SA Creation tigger… Nico Williams
- Re: [IPsec] Simultaneous Child SA Creation tigger… Yoav Nir
- Re: [IPsec] Simultaneous Child SA Creation tigger… Praveen Sathyanarayan
- Re: [IPsec] Simultaneous Child SA Creation tigger… Tero Kivinen