[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

re: Delete (in John Burke's recent message)

To: ipsec@ex.tis.com
Subject: re: Delete (in John Burke's recent message)
From: John Burke <jburke@cylink.com>
Date: Thu, 09 Jan 1997 18:31:52 -0500
Sender: owner-ipsec@ex.tis.com

At 04:24 PM 1/9/97 -0500, "Waterhouse, Richard"
<Waterhouse@nt1-ndhm.chnt.gtegsc.com> wrote:
> 
>       "The above implies that a Delete MUST be permitted to arrive in
>        a separate Informational Exchange for an incomplete connection."
>
>> This would imply the rules for the Delete must be different for Phase 1 and
>Phase 2.
>
>"Deletion of a Security Association MUST always be performed under the
>protection of an ISAKMP SA." (Section 5.13) would prohibit
>implementation of your suggestion for Phase 1.

Yes, that's right; I was not considering that point.  As you say, this is
a difference between Phase 1 and Phase 2. I believe it's necessarily so;
and in fact it appears to me the same logic applies to any Notify that 
signals failure.

Best regards,
John Burke

Prev by Date: re: Delete (in John Burke's recent message)
Next by Date: IPSEC DOI doc and Identification Payload
Prev by thread: re: Delete (in John Burke's recent message)
Next by thread: IPSEC DOI doc and Identification Payload
Index(es):
- Main
- Thread