[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
re: Delete (in John Burke's recent message)
At 04:24 PM 1/9/97 -0500, "Waterhouse, Richard"
<Waterhouse@nt1-ndhm.chnt.gtegsc.com> wrote:
>
> "The above implies that a Delete MUST be permitted to arrive in
> a separate Informational Exchange for an incomplete connection."
>
>> This would imply the rules for the Delete must be different for Phase 1 and
>Phase 2.
>
>"Deletion of a Security Association MUST always be performed under the
>protection of an ISAKMP SA." (Section 5.13) would prohibit
>implementation of your suggestion for Phase 1.
Yes, that's right; I was not considering that point. As you say, this is
a difference between Phase 1 and Phase 2. I believe it's necessarily so;
and in fact it appears to me the same logic applies to any Notify that
signals failure.
Best regards,
John Burke