[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Daemon Recovery

To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Subject: Re: Daemon Recovery
From: Derrell Piper <piper@cisco.com>
Date: Wed, 17 Sep 1997 13:06:33 -0700
cc: Bill Sommerfeld <sommerfeld@apollo.hp.com>, "Suren Arockia S." <suren@teil.soft.net>, ipsec@tis.com
In-reply-to: Your message of "Wed, 17 Sep 1997 15:43:04 EDT." <199709171943.PAA04971@dcl.MIT.EDU>
Sender: owner-ipsec@ex.tis.com

Ted,

I like the idea of a host sending an informational message when it reboots.

>Yes, we'd need to do something like this as well (and I think I was
>kinda assuming that something like this was going to happen).  My
>original proposal was an optional thing that which the just-rebooted
>machine could send which meant, "I just rebooted; this is the first and
>only SPI for which I have keying information ---- you can forget all of
>your other (older) SPI's."

This would be fairly easy: designate a new Notify Status message (REBOOTED)
and add text to say that after a host reboots, after establishing the first
SA with any particular host, an ISAKMP Informational Exchange SHOULD be
sent under the new ISAKMP SA which indicates that the other side should
purge all associations with the rebooted host.  This would mean that a host
would always send one of these out the first time it establishes an SA with
any system.  However, the recipient doesn't have to do anything with the
message if they didn't want to.

Derrell

Follow-Ups:

Re: Daemon Recovery

From: Bill Sommerfeld <sommerfeld@apollo.hp.com>

Re: Daemon Recovery

From: Matt Thomas <matt.thomas@altavista-software.com>

References:

Re: Daemon Recovery

From: "Theodore Y. Ts'o" <tytso@MIT.EDU>

Prev by Date: Re: Daemon Recovery
Next by Date: Re: Daemon Recovery
Prev by thread: Re: Daemon Recovery
Next by thread: Re: Daemon Recovery
Index(es):
- Main
- Thread