[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Life and death of IKE SAs and IPSEC SAs

To: ipsec@tis.com
Subject: Life and death of IKE SAs and IPSEC SAs
From: Bronislav Kavsan <bkavsan@ire-ma.com>
Date: Fri, 22 May 1998 17:03:35 -0400
Sender: owner-ipsec@ex.tis.com

There is an important  issue which not covered by any draft standards
and a subject of the debate between IKE implementors, and that is:

Should or shouldn't we delete IPSEC SAs when "umbrella" IKE SA is
deleted?
The deletion of IKE SA may occur when:
1) It expires on the local host
2) It expires on the remote host which sends re-negotiation proposal to
my local host
3) The remote host notifies local host to delete it for whatever reason
4) Local host decides to delete it for whatever reason,
5) etc.

Is this behaviour described anywhere in drafts? Is it a matter of local
policy? (and if it is - could it create interoperabilty problems?)

--
Bronislav Kavsan
IRE Secure Solutions, Inc.
100 Conifer Hill Drive  Suite 513
Danvers, MA  01923
voice: 978-739-2384
http://www.ire.com

Follow-Ups:

Re: Life and death of IKE SAs and IPSEC SAs

From: Daniel Harkins <dharkins@cisco.com>

Prev by Date: Thomas Narten's DISCUSS vote
Next by Date: Re: Thomas Narten's DISCUSS vote
Prev by thread: RE: Thomas Narten's DISCUSS vote
Next by thread: Re: Life and death of IKE SAs and IPSEC SAs
Index(es):
- Main
- Thread