[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: Re: [IPsec] Puzzles in IKEv2
From: Yaron Sheffer <yaronf.ietf () gmail ! com>
Date: 2015-03-07 6:02:59
Message-ID: 54FA9493.7030205 () gmail ! com
[Download RAW message or body]
Please keep it a SHOULD, but include the explanation.
Thanks,
Yaron
On 03/06/2015 09:50 PM, Valery Smyslov wrote:
> Hi Yaron,
>
>> Hi Valery,
>>
>> Sorry if I was inconsistent on this one.
>>
>> This is a performance optimization, and it's a trade off for the
>> responder: Do I want to cache keys, thereby saving on CPU but wasting
>> more memory on potentially useless SAs? So I suggest to make it a MAY,
>> not a SHOULD.
>
> At this point of our defense line we are defending against CPU consumption,
> not memory consumption. We've already agreed to create an IKE SA state
> and the keys,
> while computed, adds relatively little to the size of the state.
>
> So I'm reluctant to make it "MAY". Probably a lowercase "should" with some
> explanations of the reasons will satisfy you?
>
> Regards,
> Valery.
>
>> Thanks,
>> Yaron
>
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic