Emeric POUPON
2018-03-30 15:14:44 UTC
Hello,
I am concerned about AES-GCM issues related to segment responsibility changes (see https://tools.ietf.org/html/rfc6311#section-3.4)
https://wiki.strongswan.org/projects/strongswan/wiki/IpsecStandards states RFC6454 is supported.
Could you please provide more details about it?
As far as I understand, each member of the cluster should have a unique SID assigned and use this SID when emitting packets from the kernel stack.
This raises several questions:
- how does the userland set the sid in the kernel?
- how is the sid is computed so that it is unique within the cluster? How many bits are reserved for this sid?
Regards,
Emeric
I am concerned about AES-GCM issues related to segment responsibility changes (see https://tools.ietf.org/html/rfc6311#section-3.4)
https://wiki.strongswan.org/projects/strongswan/wiki/IpsecStandards states RFC6454 is supported.
Could you please provide more details about it?
As far as I understand, each member of the cluster should have a unique SID assigned and use this SID when emitting packets from the kernel stack.
This raises several questions:
- how does the userland set the sid in the kernel?
- how is the sid is computed so that it is unique within the cluster? How many bits are reserved for this sid?
Regards,
Emeric