[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IPSec SA DELETE in "dangling" implementation
Tim Jenkins writes:
> > If people are worried about being nice net citizens then use
> > the responder-
> > lifetime notify. It's very nice.
> I agree 100% that it's very nice. But the reality is that
> it is optional, so you cannot know 100% of the time that
> the peer supports it. So, if someone wants to be a nice
> net citizen, why would they say "screw you if you don't
> use the responder lifetime notify"?
s/responder lifetime notify/delete notifications/g
This same paragraph can be used when arguing about use of the delete
payloads. Both are optional, and you cannot be 100% sure that the
other end supports it.
--
kivinen@iki.fi Work : +358-9-4354 3218
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/
References: