
Re: Daemon Recovery



> A better solution might be to include in the ISAKMP negotiations a
> notification that at the successful conclusion of this SPI
> negotiation, all other SPIs for the same host should be discarded.

This is a somewhat larger hammer than necessary, and I have this funny
feeling (which I can't really justify yet) that there are some gotchas
with this approach in the presence of packet reordering and the like.

Here's an alternate solution:

Upon receipt of a message to a "bad" SPI, the system should attempt to
negotiate a new SPI-pair with the sender; only one negotiation should
be attempted at a time.  If it fails, there should be a "hold-down"
period (of seconds to minutes) during which no negotiation is
initiated.  Once this negotiation succeeds, it can be used to secure
ICMP messages informing the sender that the SPI it was sending to
isn't there any more.

					- Bill
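The recovery policy sketched in the message above, as an added worked example in Python. This is not code from the original message or from any IPsec implementation: the class and method names, the 30-second hold-down, the simulated clock, and the choice to reuse an already-live SA for the "no such SPI" notice (rather than negotiate again for a stale packet) are all assumptions made here. The scenario inputs are constructed.

```python
"""Simulation of the bad-SPI recovery policy: one negotiation per peer
at a time, a hold-down after a failed attempt, and, once a fresh SA
exists, an ICMP-style "that SPI is gone" notice sent under that SA so
the peer can authenticate it instead of trusting a bare ICMP message.

Added illustration, not code from the original post. Names, timers and
the reuse of a live SA for the notice are assumptions."""

from dataclasses import dataclass, field
from enum import Enum, auto
from typing import Dict, List, Optional, Set, Tuple


class Action(Enum):
    DELIVER = auto()              # SPI is known: normal processing
    START_NEGOTIATION = auto()    # no SA, nothing in flight: negotiate
    NEGOTIATION_PENDING = auto()  # a negotiation is already running: drop
    HOLD_DOWN = auto()            # recent failure: drop, do not negotiate
    NOTIFY_VIA_SA = auto()        # live SA exists: send the notice under it


@dataclass
class PeerState:
    negotiating: bool = False
    hold_down_until: float = 0.0                # absolute time; 0.0 = none
    live_spi: Optional[int] = None              # inbound SPI of the SA we hold
    dead_spis: Set[int] = field(default_factory=set)   # SPIs to report as gone
    notices: List[Tuple[int, int]] = field(default_factory=list)  # (via, dead)


class BadSpiRecovery:
    """Policy engine driven by an explicit clock (seconds)."""

    def __init__(self, hold_down_secs: float = 30.0):
        self.hold_down_secs = hold_down_secs
        self.known_spis: Dict[int, str] = {}    # inbound SPI -> peer address
        self.peers: Dict[str, PeerState] = {}

    def _peer(self, addr: str) -> PeerState:
        return self.peers.setdefault(addr, PeerState())

    def on_packet(self, src: str, spi: int, now: float) -> Action:
        """Decide what to do with an inbound packet carrying `spi`."""
        if spi in self.known_spis:
            return Action.DELIVER
        st = self._peer(src)
        if st.live_spi is not None:
            # Assumption: an SA we already hold with this peer is good
            # enough to carry the notice; no new negotiation for a stale SPI.
            st.notices.append((st.live_spi, spi))
            return Action.NOTIFY_VIA_SA
        st.dead_spis.add(spi)
        if st.negotiating:
            return Action.NEGOTIATION_PENDING     # only one attempt at a time
        if now < st.hold_down_until:
            return Action.HOLD_DOWN
        st.negotiating = True
        return Action.START_NEGOTIATION

    def on_negotiation_failed(self, src: str, now: float) -> float:
        """Enter hold-down; returns the time at which negotiation may resume."""
        st = self._peer(src)
        st.negotiating = False
        st.hold_down_until = now + self.hold_down_secs
        return st.hold_down_until

    def on_negotiation_succeeded(self, src: str, new_spi: int) -> List[Tuple[int, int]]:
        """Install the new SA and emit one notice per dead SPI under it."""
        st = self._peer(src)
        st.negotiating = False
        st.hold_down_until = 0.0
        st.live_spi = new_spi
        self.known_spis[new_spi] = src
        sent = [(new_spi, dead) for dead in sorted(st.dead_spis)]
        st.notices.extend(sent)
        st.dead_spis.clear()
        return sent


def run_scenario() -> dict:
    """Constructed trace: a peer keeps sending to an SPI our daemon lost."""
    r = BadSpiRecovery(hold_down_secs=30.0)
    peer = "192.0.2.10"                        # constructed documentation address
    actions = []
    actions.append(r.on_packet(peer, 0x1111, 0).name)    # START_NEGOTIATION
    actions.append(r.on_packet(peer, 0x1111, 1).name)    # NEGOTIATION_PENDING
    hold_until = r.on_negotiation_failed(peer, 2)        # 32.0
    actions.append(r.on_packet(peer, 0x1111, 5).name)    # HOLD_DOWN
    actions.append(r.on_packet(peer, 0x1111, 40).name)   # START_NEGOTIATION
    r.on_negotiation_succeeded(peer, 0x2222)             # notice (0x2222, 0x1111)
    actions.append(r.on_packet(peer, 0x2222, 43).name)   # DELIVER
    actions.append(r.on_packet(peer, 0x1111, 44).name)   # NOTIFY_VIA_SA
    return {"actions": actions, "hold_until": hold_until,
            "notices": r.peers[peer].notices}


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

The last step is the case the message does not spell out: packets to the dead SPI that were already in flight when the new SA came up. Without the live-SA branch they would trigger a second negotiation; with it, the authenticated notice is simply resent, which is still worth rate-limiting in a real daemon.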