[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Racing IKE SAs Revisited

To: "ipsec@lists.tislabs.com" <ipsec@lists.tislabs.com>
Subject: Racing IKE SAs Revisited
From: "Kim Edwards" <kimed@nortelnetworks.com>
Date: Tue, 01 Feb 2000 11:28:58 -0500
Organization: Nortel Networks
Sender: owner-ipsec@lists.tislabs.com

context.... two peers simultaneously attempt to negotiate an IKE SA with
each other

After perusing the archives, it seems that implementations are
supporting the simultaneous negotiation of 2 IKE SAs.  Assume that PFS
is not required and the two IKE SAs were successfully negotiated.

Do we still keep both IKE SAs around until they expire?
If so, can one peer use both IKE SAs to negotiate two different IPsec
SAs?

-- 
Kim Edwards <kimed@nortelnetworks.com>
ILS Software Engineer, Nortel Networks
(613)765-8551

Follow-Ups:

Re: Racing IKE SAs Revisited

From: Jan Vilhuber <vilhuber@cisco.com>

Prev by Date: Re: Bruce Schneier on IPsec
Next by Date: Re: Bruce Schneier on IPsec
Prev by thread: Re: Future ISAKMP Denial of Service Vulnerablity Needs Addressing
Next by thread: Re: Racing IKE SAs Revisited
Index(es):
- Main
- Thread