[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Deletion of SA

To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Subject: Re: Deletion of SA
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Date: Mon, 23 Mar 1998 12:22:32 -0500
cc: ipsec@tis.com
In-reply-to: Your message of "Mon, 23 Mar 1998 10:07:33 -0500 ." <199803231507.KAA00292@morden.sandelman.ottawa.on.ca>
Sender: owner-ipsec@ex.tis.com

>     K> negotiated a new SA and will use that for future
>     K> communications. Should H1 send a delete payload to delete H2's
> 
>   Yes. That should occur as part of the new SA being setup.
>   A question though: is a "delete" too strong here? Perhaps a "please
> delete this SA in X seconds" would be more appropriate? As a notify
> perhaps? That would allow SA's to be negotiated in advance of being
> used, and it also allows the network to drain.
>   Someone tell me that this is already addressed, but I just missed
> that part :-)

Alternatively, you could put the burden of not sending the delete
until the *sender* has reason to believe that all relevant traffic has
drained from the net...

For instance, in the case of per-connection keying, the sender could
send a delete once the connection closed..

Follow-Ups:

Re: Deletion of SA

From: K SrinivasRao <srinu@trinc.com>

References:

Re: Deletion of SA

From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: Re: Deletion of SA
Next by Date: Re: Deletion of SA
Prev by thread: Re: Deletion of SA
Next by thread: Re: Deletion of SA
Index(es):
- Main
- Thread