
RE: IPSec SA DELETE in "dangling" implementation



> -----Original Message-----
> From: Dan Harkins [mailto:dharkins@Network-Alchemy.COM]
> Sent: December 2, 1999 3:15 PM
> To: Tim Jenkins
> Cc: ipsec@lists.tislabs.com
> Subject: Re: IPSec SA DELETE in "dangling" implementation 
> 
> 
> On Thu, 02 Dec 1999 15:05:39 EST you wrote
> 
> I'll ask again: why wouldn't anyone use the responder-lifetime
> notify for lifetimes which are greater than the configured value
> and respect the lifetimes of offers which are less than the
> configured value? 

The reasons are irrelevant. The simple fact is that you might
have to interoperate with an implementation that legally doesn't
do that.

If you make the assumption that every implementation does that,
there's a potential interoperability problem. If you don't care
about interoperating with those implementations, then I guess
that's your choice. But in the customer's eyes, there's a chance
either implementation or both are going to look bad. And in
either case, it makes IPsec look bad.

(Customer: Is one violating the specifications?
 Answer: No.
 Customer: But they don't work together!!!
 Answer: Well, only under certain circumstances....)

> 
>   Dan.
> 

