[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSec SA DELETE in "dangling" implementation

To: Tim Jenkins <tjenkins@TimeStep.com>
Subject: RE: IPSec SA DELETE in "dangling" implementation
From: Tero Kivinen <kivinen@ssh.fi>
Date: Fri, 3 Dec 1999 00:52:39 +0200 (EET)
Cc: Dan Harkins <dharkins@network-alchemy.com>, ipsec@lists.tislabs.com
In-Reply-To: <319A1C5F94C8D11192DE00805FBBADDFFD5C1A@exchange>
Organization: SSH Communications Security Oy
References: <319A1C5F94C8D11192DE00805FBBADDFFD5C1A@exchange>
Sender: owner-ipsec@lists.tislabs.com

Tim Jenkins writes:
> > If people are worried about being nice net citizens then use 
> > the responder-
> > lifetime notify. It's very nice.
> I agree 100% that it's very nice. But the reality is that
> it is optional, so you cannot know 100% of the time that
> the peer supports it. So, if someone wants to be a nice
> net citizen, why would they say "screw you if you don't
> use the responder lifetime notify"?

s/responder lifetime notify/delete notifications/g

This same paragraph can be used when arguing about use of the delete
payloads. Both are optional, and you cannot be 100% sure that the
other end supports it. 
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

References:

RE: IPSec SA DELETE in "dangling" implementation

From: Tim Jenkins <tjenkins@TimeStep.com>

Prev by Date: Re: matching GW addr to ID payload (fwd)
Next by Date: Re: IPSec SA DELETE in "dangling" implementation
Prev by thread: Re: IPSec SA DELETE in "dangling" implementation
Next by thread: RE: IPSec SA DELETE in "dangling" implementation
Index(es):
- Main
- Thread