
swIPe comments






>>  We have modified our swIPe implementation slightly by adding host
>>filtering. Once swIPe is turned on - the ifconfigs and ioctls have
>>been issued - any packets from a designated swIPed partner that are
>>not swIPed are rejected. This is a few lines of code, mainly in ip_input.

>What happens if the remote peer crashes and loses its swIPe state? How
>can you reestablish the security association if you block all non-swIPed
>packets?

  In our version, when the crashed peer comes up and tries to 
communicate with the uncrashed swIPe partner, it notices that it
doesn't have keys and begins a key negotiation process which is done over
IPIP (swIPe).
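
The host filtering discussed in this thread, as an added example that is not part of the original messages or of the poster's implementation: a user-space C sketch of the decision an input-path hook would make. Assumptions: swIPe packets are identified by IP protocol number 53 (the IANA assignment), the peer table and addresses are constructed, and the names `swipe_host_filter`, `is_swipe_peer` and `make_hdr` are hypothetical. Key negotiation is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PROTO_SWIPE 53   /* assumption: IANA-assigned protocol number for swIPe */

enum verdict { ACCEPT, DROP };

/* Hypothetical table of designated swIPe partners (constructed addresses). */
static const uint8_t swipe_peers[][4] = {
    {192, 0, 2, 10},
    {192, 0, 2, 20},
};

static int is_swipe_peer(const uint8_t src[4])
{
    for (size_t i = 0; i < sizeof swipe_peers / sizeof swipe_peers[0]; i++)
        if (memcmp(swipe_peers[i], src, 4) == 0)
            return 1;
    return 0;
}

/* Verdict for one raw IPv4 packet, as an input-path filter would give it. */
enum verdict swipe_host_filter(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return DROP;                      /* too short or not IPv4 */
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len)
        return DROP;                      /* header length field is inconsistent */
    if (!is_swipe_peer(pkt + 12))         /* bytes 12..15: source address */
        return ACCEPT;                    /* filter only covers designated partners */
    /* Byte 9 is the protocol field: a partner's traffic must be swIPe. */
    return pkt[9] == PROTO_SWIPE ? ACCEPT : DROP;
}

/* Build a minimal constructed IPv4 header (no options) for experiments. */
void make_hdr(uint8_t out[20], const uint8_t src[4], uint8_t proto)
{
    memset(out, 0, 20);
    out[0] = 0x45;                        /* version 4, header length 5 words */
    out[9] = proto;
    memcpy(out + 12, src, 4);
}
```

A real filter would sit after header checksum validation and would look up peers per interface rather than in a static table.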

  


