[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSec SA DELETE in "dangling" implementation

To: Slava Kavsan <bkavsan@ire-ma.com>
Subject: Re: IPSec SA DELETE in "dangling" implementation
From: "Derrell D. Piper" <ddp@network-alchemy.com>
Date: Tue, 30 Nov 1999 11:04:57 -0800
cc: ipsec <ipsec@lists.tislabs.com>
In-reply-to: Your message of "Tue, 30 Nov 1999 11:45:33 EST." <3843FF2D.B77C6051@ire-ma.com>
Sender: owner-ipsec@lists.tislabs.com

>b) re-negotiate IKE SA before sending DELETE

...which would beg the question of whether or not it's legal to send an IPSEC
DELETE on an IKE SA that did not originally negotiate the IPSEC SA's.  Our
particular implementation would accept that, but I can also see an argument
for while that's not right.

I'm really unclear as to what problem is being solved by this rekeying draft.
However, I owe Tim a reasoned response beyond just this snipe...  :-)

Derrell

Follow-Ups:

Re: IPSec SA DELETE in "dangling" implementation

From: Paul Koning <pkoning@xedia.com>

References:

IPSec SA DELETE in "dangling" implementation

From: Slava Kavsan <bkavsan@ire-ma.com>

Prev by Date: Re: ISAKMP Configuration Method
Next by Date: Re: ISAKMP Configuration Method
Prev by thread: Re: IPSec SA DELETE in "dangling" implementation
Next by thread: Re: IPSec SA DELETE in "dangling" implementation
Index(es):
- Main
- Thread