Technical Summary
This document presents the solution that allows to clone IKEv2
SA, where an additional SA is derived from an existing one.
The newly created IKE SA is set without the IKEv2
authentication exchange. This IKE SA can later be assigned to
another interface or moved to another cluster mode using
MOBIKE protocol.
Working Group Summary
Document was considered for the IPsecME working group, and
intrest was polled in November 2014. There were only positive
responses for adopting the draft in the mailing list, but WG
chairs concluded that there was not sufficient interest (i.e.
not enough people). There were no controversial points pointed
out at that point and comments were provided on the list.
Document Quality
There is no known existing implementations of the protocol.
There has been few reviews for the core IPsecME WG members,
which has resulted some changes to the document.
Personnel
The Document Shepherd is Tero Kivinen, the responsible Area
Director is Kathleen Moriarty.
IANA Note
This document has two IANA actions. There are no new registries.
The actions add two new entries to existing IKEv2 registry. The
allocation policy of that registry is Expert review. The IANA
considerations section is complete, and includes enough information
for IANA to complete the protocol actions.
RFC editor note:
Minor nit in the last paragraph of the security considerations
section, add an "a" before the phrase "load-sharing":
Old:
When cloning, an IKE SA is used to build load-balancing systems, then
there is a necessity to transfer IKE SA states between the nodes of
load-sharing cluster.
New:
When cloning, an IKE SA is used to build load-balancing systems, then
there is a necessity to transfer IKE SA states between the nodes of a
load-sharing cluster.