[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What do you do in case of initiate collisions?

To: roy@CheckPoint.COM
Subject: Re: What do you do in case of initiate collisions?
From: ho@earth.hpc.org (Hilarie Orman)
Date: Mon, 13 Oct 1997 10:38:50 -0400
Cc: ipsec@tis.com
In-reply-to: Yourmessage <199710131211.FAA04024@baskerville.CS.Arizona.EDU>
Sender: owner-ipsec@ex.tis.com

>   >We're running into a bit of a problem and haven't found any specific
>   >answers.  Basically, we need to know how people are resolving the 
>   >problem where two systems start overlapping exchange sessions to
>   >each other (the cross in the mail syndrome).
>   >
>   >It looks something like this
>   >
>   >A ----> B         (A initiates a session with B)
>   >A <---- B         (B initiates a session with A)

Can A simply assume that B is responding?

>   >And does anyone's ISAKMP implementation allow more than one
>   >ISAKMP SA per host (ie., per src.-dst. pair)?

I certainly hope so; if it isn't clear that this is required, then the
specification should be changed (the implementation must support it,
though the policy may limit it).  Also, is it clear that the
identities in the pairs need not be based on IP addresses?

Hilarie

Follow-Ups:

Re: What do you do in case of initiate collisions?

From: Shin Yoshida <yoshida@rcom.sei.co.jp>

Prev by Date: PFS negotiation
Next by Date: proposed changes to ISAKMP/Oakley
Prev by thread: Re: What do you do in case of initiate collisions?
Next by thread: Re: What do you do in case of initiate collisions?
Index(es):
- Main
- Thread