
RE: Phase 1 Re-keying Implementation Identification



The differences between the implementations are also in the document, and were
also presented.

In one sense it's irrelevant. If you prefer dangling, just do it, and you
will be unaffected by the discussion on how to identify it. Regardless, I
think we need an extension mechanism to IKE anyway.

The primary advantage of the continuous channel model is that the logical
control channel created by the existence of the phase 1 SAs may not be
available in the dangling phase 2 SA implementation. This can then lead to
loss of synchronization of phase 2 SAs, which you may or may not care about,
depending on what you want to do.

I would recommend reading the document, and commenting on it, so that
specific issues can be dealt with there. I plan on updating it once more,
perhaps for the final time.

Suggestions as to what to do with the document are welcome; the obvious rude
ones excepted. My current thought is to make it informational.

---
Tim Jenkins                       TimeStep Corporation
tjenkins@timestep.com          http://www.timestep.com
(613) 599-3610 x4304               Fax: (613) 599-3617



-----Original Message-----
From: Slava Kavsan [mailto:bkavsan@ire-ma.com]
Sent: November 16, 1999 11:11 AM
To: Tim Jenkins
Cc: 'ipsec@lists.tislabs.com'
Subject: Re: Phase 1 Re-keying Implementation Identification


Wouldn't it be simpler to eliminate the "continuous" model instead of creating
additional protocol extensions to support it?
What are the advantages of the "continuous" model vs. "dangling"?